dataavtale

A dataavtale is a contractual agreement that governs the processing of personal data between data controllers and data processors, or between organizations that share data. It defines the purposes of processing, the categories of data involved, and the duration of the processing. The arrangement helps ensure compliance with privacy laws, notably the GDPR in the European Union and the European Economic Area, as well as national implementations such as Norway’s Personal Data Act.

A dataavtale typically covers roles and responsibilities, descriptions of the processing activities, the lawful basis for

Legal context and purpose: under GDPR Article 28, a data processing agreement is required whenever a processor

Practical considerations: organizations should use standard templates, conduct data mapping and DPIAs for high-risk processing, minimize