Glossary
Glossary: Data Processing Agreement
A legal contract defining how a vendor may process personal data on behalf of a company.
A Data Processing Agreement (DPA) is a legal contract between a company and a vendor that defines how the vendor may process personal data on the company’s behalf, as required under regulations like GDPR. It sets out responsibilities, security obligations, and data handling terms.
Examples
A company signs a DPA with its analytics provider before sending it any user data.
A DPA specifies that a vendor must delete user data within a set period after a contract ends.
An enterprise customer requests a signed DPA as part of its vendor security review.
FAQs
When is a DPA required?
Generally whenever a company (the data controller) shares personal data with a third-party vendor (the data processor) under regulations like GDPR.
What does a DPA typically cover?
Data handling responsibilities, security measures, sub-processor terms, breach notification, and data deletion obligations.
Does Formo offer a DPA?
Yes. Formo provides a Data Processing Agreement for customers who need it as part of their compliance requirements.
Ask AI about Formo