DPDP glossary

What is Data Processing Agreement (DPA)?

A Data Processing Agreement is the contract between a Data Fiduciary and a Data Processor that sets out processing instructions, security measures, sub-processor rules, breach-reporting duties, and assistance with Data Principal rights. It is the primary legal tool for vendor compliance under DPDP.

Key requirements

• Define permitted processing purposes and data categories
• Require reasonable security safeguards proportionate to risk
• Mandate prompt breach notification to the Fiduciary
• Restrict sub-processing without approval
• Include deletion or return of data on contract termination

Related resources

• Vendor due diligence
• What is a Data Processor?