Data Processing Agreement (DPA)
A legally binding contract between a data controller and data processor that outlines how personal data will be processed, protected, and handled in compliance with privacy regulations.
Also known as: DPA
Why It Matters
Under GDPR, you must have a DPA with every vendor that processes personal data on your behalf - including your analytics platform. The DPA defines each party's responsibilities, data security measures, and what happens during a data breach.
Without proper DPAs, you risk regulatory fines even if no actual data breach occurs. Most analytics vendors provide standard DPAs, but you should review them to ensure they meet your specific requirements.
Common Mistakes
- Using analytics tools without a signed DPA - this is a GDPR violation
- Not reviewing the DPA terms to ensure they align with your privacy policy
- Assuming a vendor's standard DPA covers all your specific data processing activities
Pro Tips
- Maintain a register of all DPAs and review them annually
- Ensure DPAs cover data breach notification timelines (72 hours under GDPR)
- Check that sub-processor lists in DPAs are kept current as vendors change their infrastructure
Related Terms
GDPR
The General Data Protection Regulation - a comprehensive EU privacy law that governs how organizations collect, process, and store personal data of EU residents.
CCPA
The California Consumer Privacy Act - a state privacy law giving California residents rights over their personal data including the right to know, delete, and opt out of sale of their information.
Data Governance
The framework of policies, processes, and standards that ensure data across an organization is accurate, consistent, secure, and used in compliance with regulations and business rules.
Privacy by Design
An approach that embeds data protection and privacy considerations into the design and architecture of systems and processes from the start, rather than adding them as afterthoughts.