<aside>
👏 This resource is built and maintained by Privasee. For more context, please see the full blog post here.
</aside>
Checklist
Use this checklist to make sure that your Data Processing Agreement has all of the items listed below:
- [ ] We have established the roles in the DPA (is the sender a controller or processor, is the recipient a controller or processor).
- [ ] We have linked it to our terms of service agreement.
- [ ] We have defined the terms or duration of the processing of personal data.
- [ ] We have decided on our breach notification period.
- [ ] We have decided on our Sub-processor Notification Period.
- [ ] We have decided whether to include a liability cap or not and if so, added the cap amount.
- [ ] We have explained the governing law and jurisdiction of the Data Processing Agreement.
- [ ] We have explained the Data Protection Regulations which apply (UK GDPR, EU GDPR, CCPA, CPRA...).
- [ ] We have described the services that are related to the processing of personal data.
- [ ] We have explained the nature and purpose of processing.
- [ ] We have explained what personal data is going to be transferred.
- [ ] We have explained who the individuals are whose personal data is being transferred.
- [ ] We have indicated which transfer mechanisms will be used if the data is being transferred outside of the EEA, UK or AC.
- [ ] We have explained the Security Measures (Technical and organisational measures) that will protect personal data.
- [ ] We have explained the sub-processors that we will use alongside the purpose for using them, the country where the data will reside and the sub-processor security measures (or technical and organisational measures).
- [ ] We have set out the controller obligations.
- [ ] We have set out the processor obligations.