Data Processing Agreements

Data processing agreements with all your vendors and customers that satisfy Article 28 GDPR and protect your position.

Who this is for

Businesses sharing personal data with third-party service providers

SaaS companies acting as data processors for customers

Organisations that have never formalised data sharing arrangements

Companies entering new vendor relationships involving personal data

What We Do

What this service covers

Practical, tailored advice for your situation.

Controller-processor DPA

Article 28-compliant DPA for your service providers.

Processor-controller DPA

DPA for when you act as processor for customers.

DPA review

Review and redline of DPAs from vendors or customers.

Sub-processor provisions

Clauses covering sub-processors and notification obligations.

Data sharing agreements

Agreements for controller-to-controller sharing.

Why Sammut Legal

Article 28 GDPR requires a written contract between controllers and processors. Many businesses are still operating without compliant DPAs.

Sammut Legal drafts DPAs that are legally compliant and commercially workable.

What to expect

Free consultation

We discuss your data sharing arrangements.

DPA audit

We identify which relationships require DPAs.

Template drafting

Standard DPAs for your most common scenarios.

Vendor review

We review and redline specific vendor DPAs.

Ongoing support

Available for DPA queries and negotiations.