Glossary definition

Data Processing Agreement

Data Processing Agreement is a contract, often required under GDPR, that governs how a processor handles personal data on behalf of a controller, including obligations and safeguards.

Standards & Evidence

Why It Matters

In security reviews

A DPA is frequently required before a deal can close and defines data-handling commitments that questionnaires probe.

Workflow Context

Where it shows up

Negotiated during legal and procurement review, often alongside the security questionnaire.

Common Mistakes

What to avoid
  1. Treating data processing agreement as a universal term with no workflow context.

    Use this as an editorial checkpoint when the term appears in a buyer review, internal workflow, or vendor evaluation.