What is Data Processing Agreement (DPA)?
A Data Processing Agreement (DPA) is a legally required contract between a data controller and a data processor under UK GDPR Article 28. It must be in place whenever a controller instructs a third party — such as a cloud software provider, marketing agency or payroll bureau — to process personal data on its behalf. The agreement must specify the subject matter, duration, nature and purpose of processing, the type of personal data and categories of data subjects, and the processor's obligations regarding security, sub-processors, data subject rights and assistance with breach notification. Controllers are responsible for selecting processors with appropriate technical and organisational security measures.
Related terms
Find verified legal & compliance businesses
Search the Yolist directory for UK businesses whose listings reference Data Processing Agreement (DPA).
Search YolistCite this definition
Yolist. (2026). What Is Data Processing Agreement (DPA)? Yolist UK Business & Trade Glossary. Retrieved June 9, 2026, from https://yolist.uk/glossary/data-processing-agreementEmbed this definition
Paste this snippet into your article — it links back to the source definition.
<p>Source: <a href="https://yolist.uk/glossary/data-processing-agreement">Data Processing Agreement (DPA) — Yolist UK Business & Trade Glossary</a></p>