A Data Processing Agreement, often shortened to DPA, is a contract that sets out how a service provider may handle personal data on behalf of another organisation.
DPAs commonly explain each party's role, the processor's instructions, security measures, sub-processors, international transfers, audit rights and what happens to personal data when the services end.
Data protection rules vary by country, so a DPA should be checked against the laws that apply to the organisations, people and data involved.
This definition is for general information only and is not legal advice.