Data Processing Agreement (DPA)
Sharing personal data with a processor? You’ll need a data processing agreement.
From time to time, you’ll need to process the personal data of individuals. Perhaps, you need to process the data of existing clients. Or perhaps, you want to track and use the data of consenting website visitors. Under UK data protection law, it’s a legal requirement to have a data processing agreement when sharing personal data with a processor (someone who is processing data on your behalf).
For example, let’s say you’ve signed up for a third-party service that intelligently leverages data to make smart email marketing campaigns. Exciting. If personal data is a part of that process, you’ll need a data processing agreement in place to govern the relationship between you (the controller) and your third party (the processor).
When a data processing agreement is needed
Data moving from one organisation to another
The integrity of an individual’s personal data has a series of protections under the UK GDPR. As a result, their privacy rights are your responsibility as the caretaker of their data. If you’re sending data to another organisation for processing, you need to have a DPA in place.
Having an extra helping hand can be invaluable. However, there needs to be a contract in place that regulates the relationship, outlines obligations, and emphasises responsibility.
How to get started
Who this can affect
Don't take our word for it
The team have provided excellent advice and support over the years on both contracting and data protection issues, we really see them as an extension of our team at ActiveViam.
The GDPR: Your Guide to Compliance
Report: UK GDPR Explained
How to Choose the Right Legal Partner
For some, the phrase “data protection” inspires dread. For us, data protection is a personal passion. We complete the puzzle of your legal strategy and ensure your business acts compliantly within the eyes of the law.