The basics of data processing agreements.

Learn what a data processing agreement is, who needs one, and how you can easily sign it.

We live in an increasingly digital world, and with that comes the need to process data. How companies handle all that data is strictly controlled. One common regulatory tool is the data processing agreement or DPA. Here we explore what a DPA is and what considerations often come with it.

What is a DPA?

The European Union introduced data processing agreements in 2018 to control the ways businesses handle the personal data of EU citizens under the General Data Protection Regulation (GDPR). A DPA is a legally binding document signed between the data controller and data processor.

The data controller is the person or party that determines how and why the data is processed. The data processor is the party that does the practical work of data processing.

A DPA establishes, among other things:

Who needs to sign a DPA?

IT and software development companies most often need to sign a DPA. According to the GDPR, however, any company that processes private data from EU citizens must sign a DPA. To check whether or not you need a DPA, contact a relevant legal expert.

What to watch out for when signing a DPA.

When you sign a DPA, ensure it provides sufficient guarantees of data protection. You must also clearly establish how your processor will use the data, and whether there are any loopholes or room for interpretation in the agreement.

How to easily sign a DPA.

The easiest way to sign a DPA is to use digital signatures. They’re legally binding, and much faster and cheaper than pen-and-paper signatures. Acrobat Sign lets you easily request signatures, track the process, and protect your documents with passwords and digital certificates.

Discover more ways Sign can help you sign your digital contracts.