A DPA is a written agreement between an organisation (‘data controller’) and a third-party organisation handling personal data for the controller (‘data processor’) that ensures that all processing tasks are carried out in accordance with both the EU’s General Data Protection Regulation (‘GDPR’).
The processing of personal data is almost always an issue in commercial relationships, to a greater or lesser extent. But even more so when concerning IT solutions. IT is, after all, by its very nature used for automated processing of data and many of those data qualify as personal data. Information is considered ‘personal data’ if a party has the means to trace the data back to an identifiable individual. This can therefore be data about the organization's own employees as well as data about customers or prospects.