# DPA checklist

1. Annex I: parties, subject matter, duration, processing nature, and data categories.
2. Annex II: technical and organizational measures with dated security evidence.
3. Annex III: subprocessors, purpose, location, and notice/update process.
4. Audit rights: scope, notice, confidentiality, and evidence-room workflow.
5. Review record: owner, counsel reviewer, last reviewed date, and next review cadence.

Generated by PrivaBase. This template is educational and not legal advice.