Data processing agreement

This Data Processing Agreement (DPA) complies with the EU's General Data Protection Regulation (GDPR). It forms part of the contract between the data controller and the data processor, and it lays out the responsibilities and obligations of the data processor.

Understanding the terms

The data controller ("Controller") refers to the entity determining the purpose and means of processing personal data.

The data processor ("Processor") refers to the entity processing personal data on behalf of the Controller.

Roles and responsibilities

The Processor shall process the personal data only on documented instructions from the Controller, including transferring data outside of the EU, unless legally required to do so.

The Processor agrees to:

  • Ensure that individuals processing the data are committed to confidentiality

  • Implement appropriate security measures

  • Assist with data subject's rights

  • Assist the Controller in ensuring compliance with the GDPR

  • Delete or return all personal data after the end of the services

Data breach

In the event of a data breach, the Processor shall notify the Controller without undue delay upon becoming aware of the breach.


The Processor should not engage with another Processor without prior specific consent of the Controller.

Termination of contract

Upon termination of the contract, the Processor agrees to delete all personal data unless legal requirements dictate otherwise.

Was this helpful?