Data Processing Agreement
Article 28(3) of GDPR requires that controllers, processors, and sub-processors must enter into written contracts, or data processing agreements, in order to share personal data. DPAs create liability limitations and establish roles and responsibilities for controllers, processors, and sub-processors.