GDPR DPA clause · high
Confidentiality of Personnel
The clause requiring anyone who can access the personal data to be under a binding confidentiality obligation.
What the clause requires
Persons authorized to process the data must be bound by a duty of confidentiality.
Why a GDPR DPA needs it
Article 28(3)(b) requires that persons authorised to process personal data have committed to confidentiality or are under a statutory duty. Missing it leaves staff access ungoverned.
Risk if it is missing
Staff with access to personal data have no binding obligation to keep it confidential.
Free · nothing leaves your browser
Check your DPA against all 10 clauses
Answer 10 quick questions — checked in your browser, no upload. To review the actual wording, the desktop app reads your DPA on your machine and never sends it anywhere.
Run the free DPA checkThis page explains a common Data Processing Agreement clause for general information. It is not legal advice. Have a qualified professional review anything that matters.