A GDPR Data Processing Agreement is required by law in certain situations. Here's exactly when you need one and what it must cover.
A Data Processing Agreement (DPA) is one of the most commonly overlooked legal requirements for UK businesses that use third-party services.
A DPA is a contract between a data controller (the business that owns the data) and a data processor (a third party that handles that data on the controller's behalf). It is required under Article 28 of UK GDPR whenever you share personal data with a processor.
Loading interactive view…