What is a Data Processing Agreement?
A Data Processing Agreement (DPA) is a contract between a data controller and a data processor or a data processor and another data processor (or subprocessor) that outlines how personal data will be handled and protected during processing. A DPA is required by certain data protection and privacy regulations, most commonly the General Data Protection Regulation (GDPR) in the European Union, the European Economic Area, and the UK.
Why would a DPA be used in a design partnership?
While a design partnership is different than a standard sales agreement, the nature of the product being provided is really what matters in the context of a DPA. In the case of relationships covered under the GDPR, a software provider processing data about EU residents should expect to enter into a DPA with their customer, ensuring that there is clear governance for how personal data will be handled and protected during processing.
Sample langauge
Add Data Processing Agreement
Provider and Partner agreed to a { Data Processing Agreement } on { date of DPA }, which controls each party’s rights and obligations about personal data. The terms of the { Data Processing Agreement } will control in the event of any conflict with this Agreement.
Written to work with the Common Paper standard Design Partner Agreement.