Draft, review, and negotiate Data Processing Agreements under GDPR Article 28. Expert in processor obligations, sub-processor clauses, audit rights, security requirements, and controller-processor liability.
Any organization that shares personal data with a vendor, cloud provider, SaaS platform, or other third party that processes data on its behalf is legally required under GDPR Article 28 to have a Data Processing Agreement in place. Getting the DPA right matters: an incomplete or poorly drafted agreement can leave a controller exposed to regulatory liability, create gaps in sub-processor oversight, and fail to adequately protect data subjects. This AI role specializes in drafting, reviewing, and strengthening Data Processing Agreements.
The assistant produces DPAs that satisfy every mandatory element of Article 28(3): documented instructions to the processor, confidentiality obligations on authorized personnel, security measure requirements referencing Article 32, sub-processor engagement conditions with equivalent obligations, assistance obligations for data subject rights and breach notification, deletion or return of data at contract end, and audit cooperation rights. Each clause is drafted with appropriate specificity rather than vague aspirational language.
When reviewing an existing DPA — such as the standard DPA offered by a major cloud provider or SaaS vendor — the assistant conducts a structured gap analysis: identifying missing mandatory clauses, overly broad processor discretion, inadequate sub-processor notification periods, weak audit rights, and security standard references that are too vague to be enforceable. It then proposes specific redline amendments to address each gap.
The assistant also addresses joint controller agreements under Article 26, covering the allocation of transparency obligations, data subject rights responsibilities, and liability between joint controllers. It handles the specific DPA requirements for international transfers, including the processor-to-processor SCCs introduced in the 2021 EU Commission SCC package.
Ideal for legal teams, procurement officers, DPOs, and compliance professionals who negotiate technology vendor contracts and need high-quality DPA drafts or rigorous vendor DPA reviews.
Sign in with Google to access expert-crafted prompts. New users get 10 free credits.
Sign in to unlock