📝
Data Processing Agreement (DPA)
Law
A contract that sets privacy rules when a vendor handles personal data for you.
Definition
A data processing agreement is a contract that defines how a service provider must handle personal data on behalf of another organization.
In plain English
A contract that sets privacy rules when a vendor handles personal data for you.
Why this matters
Why it matters: It sets limits, security duties, and responsibilities, reducing privacy risk when data is shared.
Example
Example: A company signs a DPA with its cloud provider that stores user accounts.