What Needs To Be Included In A Data Processing Agreement

Article 28(3) of the GDPR explains in detail the eight topics that must be addressed in a DPA. In summary, you should include: Mapping data usage and determining risks Before you create a DPA, you should be clear about the category of personal data it is specifically about. The GDPR categorizes personal data into categories or regular data and special categories. Regular personal data includes information such as names and dates of birth, and special category data includes sensitive information such as financial and biometric data. Your organization needs to be clear about which category of personal data the data protection authority will refer to, as data in the special category requires a higher level of data protection measures. .