1 Asked: January 27, 20212021-01-27T08:52:01+01:00 2021-01-27T08:52:01+01:00In: GDPR Does a DPA has to be a standalone document? 1 Does a DPA has to be a standalone document? Share Facebook 6 Answers Voted Oldest Recent Egil Bergenlind 3 Questions 15 Answers 0 Best Answers 9 Points View Profile Egil Bergenlind Rising star contributor 2021-01-27T09:49:08+01:00Added an answer on January 27, 2021 at 9:49 am Hello! One of the first questions, welcome to Watercooler! And no, a data processing agreement does not need to be a standalone document, it can for example be included in a service agreement. The important thing is that the right matters are covered and agreed upon. Best, Egil 3 Reply Share Share Share on Facebook Share on Twitter Share on LinkedIn Tash 0 Questions 23 Answers 0 Best Answers 23 Points View Profile Tash Bronze contributor 2021-01-27T11:44:04+01:00Added an answer on January 27, 2021 at 11:44 am No, it doesn’t but it helps if it is, simply because you may have differing terms for different clients, or things may change in the DPA. The last thing you want is for a legal team to have to start red lining your MSA all over again just because of a change to the DPA. 2 Reply Share Share Share on Facebook Share on Twitter Share on LinkedIn Chris Roberts 0 Questions 42 Answers 0 Best Answers 42 Points View Profile Chris Roberts Silver contributor 2021-01-29T18:10:28+01:00Replied to answer on January 29, 2021 at 6:10 pm Agreed, If you don’t have to re-engage Legal then that’s usually a very good thing. 0 Reply Share Share Share on Facebook Share on Twitter Share on LinkedIn HellenB 2 Questions 83 Answers 0 Best Answers 79 Points View Profile HellenB Silver contributor 2021-01-28T23:27:10+01:00Added an answer on January 28, 2021 at 11:27 pm I agree that the DPA is better as a stand-alone agreement, not least in order to ensure terms regarding issues such as termination and liability are not contradictory in different parts of overall agreement. A comprehensive DPA may also include significant amounts of detail regarding the data being processed and for what purpose and also have to append SCCs or other matters. We tend to send both the DPA and main contract over at the same time for electronic signature. 1 Reply Share Share Share on Facebook Share on Twitter Share on LinkedIn Dave_Wylie 8 Questions 21 Answers 0 Best Answers 19 Points View Profile Dave_Wylie Bronze contributor 2021-01-27T18:58:29+01:00Added an answer on January 27, 2021 at 6:58 pm As indicated by Tash, it is better it is sperate. The key to the DPA (Data Protection Addendum) is it is just that to a contract; an addendum. It enhances and adds specific in depth detail to the specific interaction with the client that it is written for, and so should be quite different to other clients DPA’s and indeed the standard terms and clauses that will form the rest of the “standard applicable to all” legal documents which are the “bones” of the contractual interaction. Think of the DPA it as the meat on the bones with regards to the Data Protection part of the contract with the juicy bits. Being separate allows for it to be easily reviewed at any stage of the engagement without affecting the “bones” agreements if it is required to be so. 1 Reply Share Share Share on Facebook Share on Twitter Share on LinkedIn Serif Zjakic 0 Questions 5 Answers 0 Best Answers 5 Points View Profile Serif Zjakic Rising star contributor 2021-01-28T11:23:20+01:00Added an answer on January 28, 2021 at 11:23 am It does not need to be a standalone document. It can be part of Main agreement, but it has to have all necessary GDPR requirements. Creating a checklist which can be used to see does that Main agreement has all requirements if template from third party is used is helpful to business, you or anyone who is reviewing that agreement. 0 Reply Share Share Share on Facebook Share on Twitter Share on LinkedIn Leave an answerCancel replyYou must login to add an answer. Username or email* Password* Captcha* What is 5 + 2? Remember Me! Forgot Password?