← Glossary · privacy
DPA
Data Processing Agreement — required by GDPR and similar regimes, defines how a vendor processes the buyer's personal data.
A DPA codifies the controller / processor relationship, lists sub-processors, sets breach-notification SLAs, and grants the buyer audit rights. Required for any vendor handling EU personal data.