Microsoft Dynamics 365 Data Processing Agreement

If you`re considering using Microsoft Dynamics 365 for your business, it`s important to familiarize yourself with the data processing agreement (DPA) that comes with it. A DPA is a contract between a data controller (you) and a data processor (Microsoft) that outlines how personal data will be processed, stored, and protected. In this article, we`ll discuss the key elements of the Microsoft Dynamics 365 DPA and why it`s important for your business.

Scope of the Agreement

The Microsoft Dynamics 365 DPA applies to all personal data that Microsoft processes on your behalf. This includes data that you upload to Dynamics 365, as well as data that is generated through the use of its various features and functionalities. The DPA also covers any third-party service providers that Microsoft uses to process your data.

Data Processing Obligations

Under the DPA, Microsoft is required to process your personal data in accordance with your instructions. This means that you have the right to specify how your data is used, stored, and deleted. Microsoft is also required to implement appropriate technical and organizational measures to ensure the security of your data.

Data Subject Rights

The DPA also outlines how Microsoft will handle requests from data subjects (i.e. individuals whose personal data is being processed). Data subjects have the right to access their personal data, request that it be corrected or deleted, and object to its processing. Microsoft is required to support these rights and provide you with the necessary tools to fulfill them.


Microsoft may use third-party sub-processors to process your personal data. The DPA requires Microsoft to ensure that these sub-processors have adequate security and data protection measures in place. Microsoft is also required to notify you if it engages a new sub-processor and provide you with the opportunity to object.

Data Breach Notification

The DPA requires Microsoft to notify you without undue delay in the event of a data breach that affects your personal data. Microsoft is also required to cooperate with you in investigating the breach and taking appropriate measures to mitigate any harm caused.


In conclusion, the Microsoft Dynamics 365 DPA is an essential part of your data protection strategy. By outlining the rights and obligations of both you and Microsoft, the DPA provides a framework for secure and responsible data processing. As a professional, it`s important to ensure that any content related to the Microsoft Dynamics 365 DPA is clear, concise, and informative for readers. By doing so, you can help businesses make informed decisions about their data protection practices.