Share

2 min read

Writen by Zlatko Delev

Posted on: April 28, 2021

What is a GDPR data processing agreement?

Virtually every business relies on third parties to process personal data. Whether it’s an email client, a cloud storage service, or website analytics software, you must have a data processing agreement with each of these services to achieve GDPR compliance.

What needs to be in a data processing agreement

GDPR Article 28 Section 3, explains in detail the eight topics that need to be covered in a DPA. In summary, here’s what you need to include:

  • The processor agrees to process personal data only on written instructions of the controller.
  • Everyone who comes into contact with the data is sworn to confidentiality.
  • All appropriate technical and organizational measures are used to protect the security of the data.
  • The processor will not subcontract to another processor unless instructed to do so in writing by the controller, in which case another DPA will need to be signed with the sub-processor (pursuant to Sections 2 and 4 of Article 28).
  • The processor will help the controller uphold their obligations under the GDPR, particularly concerning data subject’s rights .
  • The processor will help the controller maintain GDPR compliance with regard to Article 32  (security of processing) and Article 36 (consulting with the data protection authority before undertaking high-risk processing).
  • The processor agrees to delete all personal data upon the termination of services or return the data to the controller.
  • The processor must allow the controller to conduct an audit and will provide whatever information necessary to prove compliance.

We hope this guide will help . For more information kindly approach us on https://staging.gdprlocal.com/.

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.

Contact Us

Recent blogs

Appointment of a DPO in Singapore: What You Need to Know Before 30th September

If your business handles personal data in Singapore, it’s important to be aware of a key deadline

Enterprise Data Protection: Securing Large-Scale Information Assets

Cyber threats and regulatory pressures have made it necessary for businesses around the world to sa

Continuous Data Protection: Ensuring Real-Time Information Security

Continuous data protection (CDP) has emerged as a crucial strategy in safeguarding data assets agai

Get Your Account Now

Setup in just a few minutes. Enter your company details and choose the services you need.

Create Account

Get In Touch

Not sure which option to choose? Call, email, chat to us
anytime.

Contact Us
06 GDPR INFO

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.

Full Name is required!

Business Email is required!

Company is required!

Please accept the Terms and Conditions and Privacy Policy