D · Data · DPA · deflection

DPA

Data Processing Agreement — the legal contract between controller and processor.

In one sentence

A Data Processing Agreement (DPA) is the GDPR-mandated contract that defines the scope, purpose, duration and security measures under which a processor handles personal data on behalf of a controller.

When it matters

Required by GDPR article 28 whenever you use a processor (i.e. always for SaaS).

A real-world example

helpcode publishes its standard DPA on the website — pre-signed, EU-jurisdiction, with the sub-processor list referenced.

Curated by helpcode legal team · Last reviewed 2026-05-22