Data Processing Agreement — a contract required under GDPR (and similar laws) between a data controller and a processor, governing how personal data is handled.
A DPA (Data Processing Agreement) is required under GDPR Article 28 whenever a data controller uses a processor to handle personal data on its behalf. It specifies the processing's purpose, duration, sub-processor rules, security obligations, and what happens to the data at contract end. Enterprise buyers in the EU (and increasingly elsewhere) expect one before sending any personal data.
Looking for another term or the full list?