Data Processing Agreement

Back to dashboard

Define your need for a DPA

Who are your customers?
You only need a DPA if your customers are organizations.
Organizations
Your clients are companies, NGOs or public bodies...
Individuals
Your clients are individuals.
Both
Your clients are organizations and individuals.
None
You don't work with organizations or individuals.
It seems that you don't need to sign a DPA with your users.
DPA are only required if your users are organizations.
What's a DPA?
A DPA is the contract between an organization that needs personal data to be processed (your users, also called data controller) and the organization that processes data on behalf of other organization (your company, also called Data Processor).
Do I need a DPA?
Your users may ask to sign a DPA with your organization if:

- They are an organization.
- You process data on their behalf.

Define the processing activities concerned by the DPA.

Describe the service you provide to your users.
One or two sentences
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Which activities are processed on behalf of your users?
Processing Activity
What Processing Activities should be included in my DPA?
Your DPA should only mention the activities involving data processed on behalf of your users.

For example:

Stripe is a payment processing tool.
It processes payment on behalf of its users.
It sends newsletters on its own behalf.

Mailchimp is a newsletter tool.
It sends newsletter on behalf of its users.
It processes payments on its own behalf.

Technical and organizational measures

Select the measures in place to ensure the security of the personal data that you process.
1 - Access control measures
Processing Activity
Processing Activity
What are Technical and Organizational Measures (TOMs)?
Technical measures include any protection of data processing security that can be realized by physical measures or in software and hardware.

Organizational measures in the sense of the Article 32 GDPR include measures that involve the implementation of instructions, policies and procedures for employees to ensure the security of the processing of personal data.

Company details

Legal name
Street address
City
ZIP code
Country
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Legal representative

Full name
Position in the company
Email address
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Back
Publish
What's a legal representative under the GDPR?
The representative serves as the contact point for all issues related to an organization's processing of personal data, including being a contact point for supervisory authorities.