We have wealth of experience drafting data processing agreements for organisations both large and small. DPAs can be onerous and even non-compliant and organisations need to be careful what they put into a DPA as it is legally binding and if not done correctly can be non-compliant.
We have worked with lawyers and general counsels and helped them draft and improve DPAs. Even larger Controllers have incorrect, non-compliant and onerous DPAs that they try and enforce on smaller processors. We have experience of challenging large organisations and improving the position of our clients.
We have recently challenged an international supplier of HR services on their onerous and dubious security control. After a month and review by their legal counsels, they have conceded that their DPA was not fully transparent on their security controls.