Compliance & security
DPA (Data Processing Agreement)
GDPR-required contract between you (controller) and the vendor (processor).
A Data Processing Agreement is the GDPR equivalent of the US BAA: a contract that binds the vendor (processor) to specific terms when handling personal data on your behalf (as controller). Critical for any EU healthcare deployment.
See also
- GDPR: EU data-protection law, non-negotiable for any EU healthcare deployment.
- BAA (Business Associate Agreement): Contract that makes a vendor legally responsible for HIPAA-protected data they touch.
- Sub-processor: A third party the vendor uses to process your data (cloud, LLM provider, etc.).