Privacy pillar · v0.16.0
dpa DataProcessingAgreement
DPA record.
$id · https://corpospec.com/schemas/v0.16.0/dpa.schema.json
Fields
| Field | Type | Required | Description |
|---|---|---|---|
| art28_obligations_present | boolean | yes | Whether the eight Art. 28(3) processor obligations are contractually present (boolean flag; the artefact is the authoritative source). |
| audit_rights | string | yes | Audit rights regime (e.g. "30-day notice; financial audit independent third party"). |
| confidentiality | Confidentiality | yes | Cross-cutting confidentiality classification used across privacy, security, knowledge, IR pillars. Default rendering rule: `corpospec-report` excludes `Restricted \| BoardOnly \| InvestorOnly` records from public output unless an explicit audience parameter overrides. See BDR 0076 §1. |
| controller | PathRef | yes | PathRef to controller entity. |
| data_categories | string[] | yes | Art. 28(3)(c) types of personal data. |
| duration | string | yes | Art. 28(3)(a) duration (free-form, e.g. "during master services agreement term + 30 days"). |
| effective_from | IsoDate | yes | ISO 8601 date (YYYY-MM-DD). |
| id | PathRef | yes | Path-based cross-reference relative to .corpospec/ root. Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$` |
| nature_and_purpose | string | yes | Art. 28(3)(b) nature and purpose. |
| processor_jurisdiction | IsoCountry | yes | ISO 3166-1 alpha-2 country code. |
| processor_name | string | yes | Name of processor (counterparty). |
| retention_until | IsoDate | yes | Retention: 10 years (HGB §257) + 3 years from termination (BGB §195). |
| signed_on | IsoDate | yes | Date the DPA was signed. |
| status | DpaRecordStatus | yes | DPA lifecycle. |
| subject_categories | string[] | yes | Art. 28(3)(d) categories of data subjects. |
| subject_matter | string | yes | Art. 28(3)(a) subject matter. |
| subprocessor_authorisation | SubprocessorAuthorisation | yes | Sub-processor authorisation regime (Art. 28(2)). |
| subprocessors | Subprocessor[] | yes | |
| effective_to | IsoDate? | — | |
| processing_record_ref | PathRef? | — | Reference to the underlying processing record (Art. 30 ROPA). |
| signed_document | PathRef? | — | PathRef to the signed DPA PDF. |
| transfer_mechanism | string? | — | International transfer instrument (None when not applicable). |
Definitions
Shared types referenced within this schema.
Confidentiality
Cross-cutting confidentiality classification used across privacy,
security, knowledge, IR pillars. Default rendering rule: `corpospec-report`
excludes `Restricted | BoardOnly | InvestorOnly` records from public output
unless an explicit audience parameter overrides. See BDR 0076 §1.
DpaRecordStatus
DPA lifecycle.
enum: "draft", "in_review", "signed", "active", "terminated", "superseded"
IsoCountry
ISO 3166-1 alpha-2 country code.
pattern: ^[A-Z]{2}$
IsoDate
ISO 8601 date (YYYY-MM-DD).
type: string
PathRef
Path-based cross-reference relative to .corpospec/ root.
Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$`
pattern: ^[a-z0-9_-]+(/[a-z0-9_.-]+)+$
Subprocessor
One contracted sub-processor.
type: object
SubprocessorAuthorisation
Sub-processor authorisation regime.
Reference in your YAML
# yaml-language-server: $schema=https://corpospec.com/schemas/v0.16.0/dpa.schema.json
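
A pre-merge check for the string constraints listed above (PathRef, IsoCountry, IsoDate, DpaRecordStatus), written as an added example and not CorpoSpec's own code. The PathRef pattern by itself also matches later segments such as `..`, so the example adds its own rule rejecting dot-only segments before a reference is resolved under `.corpospec/`; that rule and all sample values are assumptions of this example.

```python
import re
from datetime import date

# Patterns and enum values copied from the schema page; fullmatch replaces ^...$.
PATHREF = re.compile(r"[a-z0-9_-]+(/[a-z0-9_.-]+)+")
COUNTRY = re.compile(r"[A-Z]{2}")
STATUSES = {"draft", "in_review", "signed", "active", "terminated", "superseded"}
PATHREF_FIELDS = ("id", "controller", "processing_record_ref", "signed_document")
DATE_FIELDS = ("effective_from", "effective_to", "retention_until", "signed_on")


def pathref_ok(value):
    """Schema pattern plus an added rule (not in the schema): no dot-only segment."""
    if not isinstance(value, str) or not PATHREF.fullmatch(value):
        return False
    # The schema pattern allows "." in later segments, so "a/../b" matches it.
    return all(seg.strip(".") for seg in value.split("/"))


def isodate_ok(value):
    if not isinstance(value, str) or not re.fullmatch(r"[0-9]{4}-[0-9]{2}-[0-9]{2}", value):
        return False
    try:
        date.fromisoformat(value)  # rejects impossible dates such as 2024-02-30
        return True
    except ValueError:
        return False


def check_dpa(record):
    """Return the sorted names of fields that fail the checks above."""
    bad = {f for f in PATHREF_FIELDS if f in record and not pathref_ok(record[f])}
    bad |= {f for f in DATE_FIELDS if f in record and not isodate_ok(record[f])}
    if not COUNTRY.fullmatch(str(record.get("processor_jurisdiction", ""))):
        bad.add("processor_jurisdiction")
    if record.get("status") not in STATUSES:
        bad.add("status")
    return sorted(bad)


# Constructed sample record (partial): three fields are deliberately invalid.
SAMPLE = {
    "id": "privacy/dpa/acme-hosting", "controller": "entities/example-gmbh",
    "signed_document": "privacy/../../outside.pdf",
    "processor_jurisdiction": "de", "status": "active",
    "effective_from": "2024-02-30", "signed_on": "2024-01-15",
}
if __name__ == "__main__":
    print(check_dpa(SAMPLE))
```

The check covers only the constraints printed on this page; required-field presence and the object types (`Subprocessor`, `SubprocessorAuthorisation`, `Confidentiality`) still need validation against the published JSON Schema.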