DPA (Data Processing Agreement)

Every customer subscription that involves personal data needs a DPA. Standard contents: scope and purpose of processing, sub-processor list, security measures, breach-notification commitments, return-or-destruction at termination. In the data room, a clean DPA template plus a complete list of customer-signed DPAs is table stakes.