A Data Processing Agreement (“DPA”) is a legal contract that determines how data controllers and data processors meet all the data privacy expectations that the European Commission has established. In the case of our clients, we are the data processors, and our clients are the data controllers. Since the General Data Protection Regulation (“GDPR”) came into force on the 25th of May 2018, SaaS companies and their customers are legally obliged to include a written data processing agreement in the terms of their SaaS agreements. The GDPR sets out a clear basis for the insurance of data safety and requires having a DPA in place by a data processor to show businesses that the processor is capable and understands the legal requirements for handling data. Whether the company is a processor, controller, or sub-processor, a DPA is required with whichever party the company interacts with. Our DPA also includes a list of our sub-processers who help us in providing you the services, with whom we also have DPAs.
A DPA constitutes how data transfers are handled, any standard contractual clauses, lists of sub-processors, the duration of processing or data storage, and the data categories that the personal data belongs to. Since Neuron is based in the European Union and is subject to GDPR, not having a DPA in place is an easy way to be fined.