All DPA clauses

GDPR DPA clause · high

Confidentiality of Personnel

The clause requiring anyone who can access the personal data to be under a binding confidentiality obligation.

What the clause requires

Persons authorized to process the data must be bound by a duty of confidentiality.

Why a GDPR DPA needs it

Article 28(3)(b) requires that persons authorised to process personal data have committed to confidentiality or are under a statutory duty. Missing it leaves staff access ungoverned.

Risk if it is missing

Staff with access to personal data have no binding obligation to keep it confidential.

Free · nothing leaves your browser

Check your DPA against all 10 clauses

Answer 10 quick questions — checked in your browser, no upload. To review the actual wording, the desktop app reads your DPA on your machine and never sends it anywhere.

Run the free DPA check

This page explains a common Data Processing Agreement clause for general information. It is not legal advice. Have a qualified professional review anything that matters.