GDPR and Data Processing Agreements

The data processing agreement (DPA) is a document between a data controller and a data processor. The controller needs the processor services to work with his data and wants the processor to be GDPR compliant (or compliant with other international agreements, for example the EU-USA shield).

For example, if you use an external service which receiver your user’s personal data for processing and getting back a result (for example statistics, invoices, goods delivery and so on) you should find out if that third party is processing the data in the right way. The DPA could be the document that contains the rules you both agreed, so the controller is ensured the data is processed in a legal way.

Many big players already offer warranties and a DPA for their services, you can download them and there they explain in detail how they process (or not process at all) all the data you send them or store in their systems.

If you purchased our professional extension or just use the free plugin version, there is no DPA required between you and the Newsletter plugin. We DO NOT process the personal data you collect with the Newsletter plugin or its extensions. All data is stored in your blog so if you need a DPA you should ask it to your hosting provider, who owns the machines where the blog and the database are located.