An data processing agreements regulates the exchange of personal data between the client and the contractor.
In principle, a data processing agreements must be concluded with every service provider, provided that the service provider potentially has access to personal data and processes the data exclusively on the instruction of and for the purposed of he persons responsible. The person responsible is someone who exclusively or together with others decides on the means and purposes of the processing of personal data. Here, the decision on the processing purposes is significant, while the decision on the technical-organizational issues of the processing can also be delegated to the processor.
For example, an data processing agreements regulates which personal data an advertising agency receives, what this data may be used for (e.g., only to send one-off Christmas cards), and how this personal data must be protected by the advertising agency.