Back to home

Data protection

Data processing agreement overview

A signed DPA documents controller and processor responsibilities for a specific customer relationship. This page describes the topics the agreement should cover; it is not itself an executed DPA.

Last updated 14 July 2026

01

Agreement scope

Roles and instructions

The agreement identifies the parties, subject matter, duration, data categories, data subjects, and documented processing instructions.

Confidentiality and security

Authorized personnel, technical and organizational measures, access controls, and security obligations are documented.

Subprocessors and transfers

Relevant service providers, change processes, transfer mechanisms, and locations are addressed for the contracted deployment.

02

Operational commitments

Assistance

The agreement defines support for data-subject requests, security reviews, and applicable impact assessments.

Incident handling

Notification, cooperation, evidence preservation, and communication contacts are set contractually.

Return and deletion

End-of-service return, export, retention, and deletion behavior is agreed for the customer's data.

Next step

Put the information into action.

Request a DPA