What is a DPA?
A data processing agreement, or a so-called DPA, is a legal contract between SuperMap Desktop GIS 8C and its processors. The purpose of the DPA is to lay out clear roles and obligations for the processors when handling personal data on SuperMap Desktop GIS 8C’s behalf.
Why and how should I assess this?
While the processor has obligations, ultimately the data controller is responsible for the personal data. SuperMap Desktop GIS 8C may only use processors that can sufficiently guarantee that the processing meets the requirements of the GDPR. Some things to look for in a DPA:
Processing only on documented instructions of the controller.
The DPA must set out the purpose and duration of the processing and the type of personal data and the categories of data subjects.
Appropriate security measures.
Controllers must only use vendors that can provide sufficient guarantees for the security of their processing activities.
The use of sub-processors.
The processor must not use another processor (i.e., a sub-processor) to help it process personal data without prior permission from the controller.