If you want to know how to construct a lawful data processing agreement, you’re in the right place. In this blog post we’ll walk you through all the important elements of a DPA under GDPR.
GDPR imposes many obligations on companies wanting to collect and use personal data about their clients (we have tackled them in numerous posts on our blog, be sure to check them out). One of the most important obligations is signing DPAs with every other entity that has access to this data.
In case the term doesn’t ring a bell – a data processing agreement (DPA) or commissioned data processing clause is a legally binding document signed between two key data processing actors under GDPR – the controller and the processor.
It regulates the particularities of data processing, such as its scope and purpose, as well as the relationship between those actors. In addition, it assigns certain obligations that are required by the Regulation.
When do you need a DPA?
Whenever a data processor carries out any processing on behalf of a data controller (that would be the case with CRMs, CDPs, analytics, and many other types of tools designed to analyze user behavior), you need to have a written contract in place.
The contract is important so that both parties understand their roles in handling users’ personal data as well as the obligations arising from them. It ensures that the chain of responsibility is clear to each participant in the process.