If you're an employer hiring independent contractors to process personal data, it's important to have a Data Processing Agreement (DPA) in place. This legally binding contract outlines the responsibilities of both the data controller (you) and the data processor (the contractor) with respect to the processing of personal data.
In this piece, you’ll learn how to draft a DPA contract—and we’ll provide a sample template you can take inspiration from.
Here's a step-by-step guide to creating a DPA contract, along with a sample template to help you get started.
1. Identify the parties involved
The first step in creating a DPA is to identify the parties involved. This includes your business as the data controller, and the contractor as the data processor.
2. Define the purpose of the contract
Next, define the purpose of the contract. What personal data will be processed, and for what specific purpose? Be as specific as possible.
3. Outline the obligations of the data controller
As the data controller, you have certain responsibilities under data protection laws. These might include providing instructions to the data processor, ensuring the security of the personal data, and notifying the data processor of any data breaches.
4. Outline the obligations of the data processor
The data processor also has responsibilities under the DPA, including ensuring the security of the personal data and only processing the data in accordance with your instructions.
5. Address data transfers
If personal data is being transferred from you to the contractor, be sure to address this in the DPA. This might include requirements for data transfer agreements or additional security measures.
6. Address sub-processors
If the contractor uses sub-processors to process the personal data, make sure to address this in the DPA. You should have the right to approve the use of sub-processors, and the contractor should provide you with information about any sub-processors being used.
7. Address audit rights
It's a good idea to include a provision in the DPA that allows you to audit the contractor to ensure compliance. Make sure to include details about the scope and timing of any such audit.
[Your Business Name and Address]
[Recipient's Name and Address]
Dear [Recipient's Name],
This Data Processing Agreement (“DPA”) is made and entered into between [Your Business Name] (“Data Controller”) and [Contractor’s Business Name] (“Data Processor”).
The purpose of this DPA is to define the terms and conditions under which Data Processor will process personal data on behalf of Data Controller.
Obligations of Data Controller
As the data controller, you shall provide instructions to the data processor in relation to the processing of personal data and shall ensure the security of such data.
Obligations of Data Processor
The data processor shall only process personal data in accordance with your instructions and shall take appropriate technical and organizational measures to ensure the security of such data.
If personal data is being transferred from you to the contractor, the contractor shall ensure that appropriate data transfer agreements are in place and that any additional security measures required are implemented.
The contractor shall not engage any sub-processors without your prior written consent. The contractor shall provide you with a list of any sub-processors being used and shall ensure that any sub-processors used are subject to appropriate data protection obligations.
You shall have the right to audit the contractor to ensure compliance with the DPA. The contractor shall provide reasonable assistance to you in relation to any such audit.
If you have any questions or require additional information, please don't hesitate to contact us.
[Your Name and Title]
[Your Business Name]
We hope this template is useful. Be sure to contact a legal professional to help you customize it to your specific needs.
If you’re hiring contractors, you’re probably spending too much time on their payroll, contracts, and tax documents. Which is why we built Panther, which saves you 90% the time you spend on contractor paperwork each month.
With Panther, you can compliantly hire your contractors in 150+ countries, onboard them in minutes, and pay them all at once (in a click). It’s global contractor payroll, finally simplified.
Sound interesting? Click here to watch a 4-minute product demo and see the platform firsthand (without ever having to book a lengthy product demo call).