Data Processing Agreement (DPA) / Operator Agreement
A data processing agreement (or data processing addendum or DPA) or Operator Agreement is a legally binding document that is required in essence by law by the Protection of Personal Information Act 4 of 2013 (“POPI Act”). This Agreement is entered into between your business and any other legal entity (suppliers, agents, independent contracts, etc.) if you are sharing any personal information that is in your possession with them. The agreement stipulates how personal information may be accessed, processed, and/or shared. A good example is an arrangement between two organisations where one instructs the other to use their clients’ information for a certain purpose. Another example is sharing personal information with a courier company so that the courier company can deliver a product.
Most businesses need one.
Because of how the law around POPIA and PAIA is constructed, essentially all businesses that have access to any form of personal information belonging to customers/clients of the other will need to agree to a Data Processing Agreement (DPA) / Operator Agreement. This document is, therefore, templatised instead of automated. You will be able to re-use it for different suppliers or other parties.
Other POPIA related documents
See our other documents that help you to make your business POPIA complaint
How does it work
If you click Order now, our questionnaire will ask you a set of questions to fully tailor the documents to your needs. After payment, you will receive both a PDF and WORD version of the documents.
In case you need a review of your documentation, or you would like to schedule a consult, please let us know by purchasing the service here
Read more about the 5 most common popi mistakes made by online business here