Generate a UK GDPR Data Processing Agreement. Required under Article 28 UK GDPR when sharing personal data with processors. Plain English. From £4.99.
A GDPR Data Processing Agreement (DPA) is the contract between a controller and a processor that satisfies Article 28 of the UK GDPR. It specifies what personal data the processor handles on the controller's behalf, on what instructions, and with what safeguards. It is the document Article 28(3) requires to be in place before a processor begins handling personal data on behalf of a controller.
Whenever your business hands personal data to a third party — a hosting provider, a payroll bureau, a marketing agency, a CRM platform, an analytics tool — and that third party processes the data on your behalf, a DPA must be in place. The absence of one is itself a breach of Article 28.
The subject matter, duration, nature and purpose of the processing; the categories of data subjects and personal data; processor obligations including confidentiality, security measures, sub-processor appointment, data subject rights assistance, breach notification, deletion or return on termination, and audit cooperation; international transfer mechanisms where data leaves the UK; and the controller's documented instructions and warranties.
Loading interactive view…