Data Processing Agreement
A legally binding contract between a data controller and data processor that governs how personal data is handled.
What Data Processing Agreement means
A Data Processing Agreement (DPA) is a mandatory contract under GDPR between data controllers and processors that specifies the scope, nature, and purpose of data processing. DPAs must include details about the types of personal data processed, categories of data subjects, processing duration, processor obligations (security, confidentiality, assistance with rights requests), sub-processor authorization requirements, and data deletion/return upon termination. Major ad platforms provide standard DPAs as part of their terms of service — Meta, Google, TikTok, and LinkedIn all offer platform DPAs. Advertisers should review these carefully to ensure they meet their specific compliance obligations, particularly for international data transfers and industry-specific requirements.
Related terms
Data Controller
The entity that determines the purposes and means of processing personal data, bearing primary responsibility under GDPR.
Data Processor
An entity that processes personal data on behalf of a data controller, bound by a data processing agreement.
GDPR
The General Data Protection Regulation — the EU's comprehensive data protection law governing how personal data is collected, processed, and stored.
Standard Contractual Clauses
EU-approved legal frameworks for transferring personal data from the EU to countries without adequate data protection levels.