DPA Generator

Generate a Data Processing Agreement (DPA) between a Controller and a Processor.
Data Controller Name
Data Processor Name
Effective Date
Generated DPA Agreement
# Data Processing Agreement (DPA)

**Effective Date:** 2026-01-19

**Between:**
- **Data Controller:** [Controller Name]
- **Data Processor:** [Processor Name]

## 1. Definitions

**Personal Data:** Any information relating to an identified or identifiable natural person.
**Processing:** Any operation performed on Personal Data.
**Data Subject:** The individual to whom Personal Data relates.

## 2. Scope and Purpose

The Processor agrees to process Personal Data only on documented instructions from the Controller for the purpose of providing services under the main agreement.

## 3. Processor's Obligations

The Processor shall:
- Process Personal Data only on documented instructions
- Ensure confidentiality of persons authorized to process
- Implement appropriate technical and organizational measures
- Assist the Controller in responding to Data Subject requests
- Assist in ensuring compliance with security obligations
- Delete or return Personal Data after end of services
- Make available information for demonstrating compliance

## 4. Security Measures

The Processor implements:
- Encryption of Personal Data
- Ability to ensure confidentiality, integrity, availability
- Ability to restore availability in case of incident
- Regular testing and evaluation of effectiveness

## 5. Sub-Processing

The Processor may engage sub-processors with prior written consent from the Controller. The Processor remains fully liable for sub-processor obligations.

## 6. Data Subject Rights

The Processor shall assist the Controller in fulfilling obligations to respond to requests:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object

## 7. Data Breach Notification

The Processor shall notify the Controller without undue delay after becoming aware of a Personal Data breach.

## 8. Audits and Inspections

The Processor shall make available all information necessary to demonstrate compliance and allow for audits.

## 9. International Data Transfers

Any transfer of Personal Data to third countries shall comply with GDPR requirements, including Standard Contractual Clauses where applicable.

## 10. Liability and Indemnification

The Processor shall be liable for damages caused by processing that does not comply with GDPR or acts outside lawful instructions.

## 11. Term and Termination

This DPA remains in effect as long as the Processor processes Personal Data on behalf of the Controller.

**Signed:**

Controller: [Controller Name]
Date: 2026-01-19

Processor: [Processor Name]
Date: 2026-01-19