All DPA clauses

GDPR DPA clause · high

Controller / Processor Roles

The clause that fixes who is the controller and who is the processor, and pins down the subject matter, nature and purpose of the processing.

What the clause requires

The agreement must identify each party's role (controller or processor) and the subject matter, nature and purpose of processing.

Why a GDPR DPA needs it

GDPR Article 28 requires the processing to be governed by a contract that sets out these particulars. If the roles are not stated, it is unclear who carries which obligation, and the agreement may not satisfy Article 28 at all.

Risk if it is missing

Without defined roles the parties' data-protection obligations are ambiguous and may be unenforceable.

Free · nothing leaves your browser

Check your DPA against all 10 clauses

Answer 10 quick questions — checked in your browser, no upload. To review the actual wording, the desktop app reads your DPA on your machine and never sends it anywhere.

Run the free DPA check

This page explains a common Data Processing Agreement clause for general information. It is not legal advice. Have a qualified professional review anything that matters.