Data Processing Agreements (also called Operator Agreements) are required by the Protection of Personal Information Act (POPIA). POPIA requires all businesses that share personal information with third parties/operators to have a Data Processing Agreement in place with those third parties/operators.
A third party/operator is defined as a person or business that processes personal information for a responsible party (the business) in terms of a contract or mandate, without coming under the direct authority of that party. Examples of operators include IT service providers, auditors, bookkeepers and sub-contractors.
Data Processing Agreements stipulate that the business shares personal information with the third party/operator for specific purposes. The third party/operator cannot use that information for anything other than the purpose for which they received it. The Data Processing Agreement also sets out the security measures the third party/operator must have in place to protect the personal information in their possession.
It is typically not sufficient to have a non-disclosure agreement (NDA), confidentiality clauses or a few paragraphs dealing with data protection in an existing service-level agreement or another contract. Businesses need specialised clauses to comply with the Data Processing Agreement requirement in terms of POPIA.
To find out how SEESA can help your business visit our website at:

