Data processing agreement (controller-processor)

This data processing agreement has been designed to help data controllers to transfer personal data to data processors in a way that complies with the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) and/or the GDPR as transposed into UK law.

This agreement may be used to supplement a separate services contract, whether pre-existing or not.

This basic document covers the specific obligations set out in the GDPR, but does not include some of the more detailed provisions that are typically found in data processing agreements covering business-critical, high volume or sensitive personal data processing. In addition, this document does not cover controller or processor company group structures; nor does it cover liabilities/indemnities, audit rights or co-operation rights in any detail.

A word of warning: the GDPR is a complex piece of legislation, and EU member states are free in some areas to apply standards for the protection of personal data that are stricter than those set out in the GDPR. There are also differences between the original EU GDPR and the UK version. Fines under the GDPR may be large and private individuals may seek damages in respect of breaches. Accordingly, we recommend that you take legal advice on all aspects of GDPR compliance, including your data processing contract arrangements.

Ask about this document

Data processing agreement (controller-processor) contents

Definitions: definitions.
Supplemental:
Agreement
supplements main contract; definitions in main contract; conflict between
Agreement
and main contract; breach of
Agreement
deemed to be breach of main contract; breach of main contract deemed to be breach of
Agreement
; termination with main contract; main contract termination.
Term: commencement of term; end of term.
Data protection: compliance with data protection laws; warranty of
Controller
's right to disclose personal data (GDPR); details of personal data processed by
the Processor
(GDPR); purposes of processing of personal data by
the Processor
(GDPR); duration of personal data processing by
Processor
(GDPR); personal data processed by
Processor
on instructions (GDPR); authorised international transfers of personal data (GDPR); informing
Controller
of illegal instructions (GDPR); personal data processed by
Processor
as required by law (GDPR); confidentiality obligations on
Processor
persons processing personal data (GDPR); security of personal data processed by
Processor
(GDPR); appointment of sub-processor by
Processor
(GDPR); authorisation for
Processor
to appoint sub-processors (GDPR);
Processor
to assist with exercise of data subject rights (GDPR);
Processor
to assist with compliance (GDPR); obligation to notify
Controller
of personal data breach (GDPR);
Processor
to provide data protection compliance information (GDPR); deletion of personal data by
Processor
(GDPR);
Processor
to allow audit (GDPR); changes to data protection law.
Limits upon exclusions of liability: caveats to limits of liability.
Termination: termination by either party without cause; termination by either party upon breach; termination upon insolvency.
Effects of termination: surviving provisions upon termination; termination does not affect accrued rights.
Notices: methods and deemed receipt of contractual notices; contact details for contractual notices; substitute contact details for notices.
General: no waiver; severability; variation written and signed; no assignment without written consent; no third party rights; entire agreement; governing law; exclusive jurisdiction.
Interpretation: statutory references; section headings not affecting interpretation; calendar month meaning; no ejusdem generis.

SCHEDULE 1 (DATA PROCESSING INFORMATION)

Categories of data subject: prompt for categories of data subject.
Types of Personal Data: prompt for types of personal data.
Purposes of processing: prompt for personal data processing purposes.
Security measures for Personal Data: prompt for security measures for personal data.
Sub-processors of Personal Data: prompt for identifying sub-processors of personal data.

SCHEDULE 2 (STANDARD CONTRACTUAL CLAUSES)

Prompt for standard contractual clauses.

Data processing agreement (controller-processor) document editor preview

This is a shortened preview of the editor interface; once you create your instance you'll be able to edit the full document in our online editor.

Data processing agreement (controller-processor) document preview

This is a shortened preview of the DOCX output; once you create your instance you'll be able to download the full document in PDF, HTML, RTF and/or DOCX (Microsoft Word) format.

Which licence should I choose?

Version	1.8
First published	25 Aug 2017
Last updated	23 Jan 2023
Law	English law and EU law
Language	English (UK)
^†Word count	5,315
^†Template pages	9

† These figures are approximations.

Privacy law Data protection law Software services Agreement

Data processing agreements

	Free licence	Standard licence	Extended licence	Professional licence
Number of document instances	1	1	5	25
Number of websites or digital products	1	1	5	25
Sub-licences permitted	None	1	5	25
Document licence period	No expiry	No expiry	No expiry	No expiry
Credit for Docular	Yes	No	No	No

Number of document instances

Document templates are the products available for sale on this website; whereas document instances are "clones" of the templates, which you can edit using Docular's online editor and export from the website.

We will update our document templates from time to time, but this will not affect your document instances. When you create a document instance, it will be based upon the latest version of the underlying document template at the time of creation of the instance, irrespective of your date of purchase.

You can save your document instance to our servers at any time, and return to editing later. Once you are happy with your editing, you can export the document and save it to your computer.

Number of websites or digital products

The licences include numerical limits upon: (a) the number of websites (including cloud services) on which documents may be published; and (b) the number of digital products (such as software programs) with which documents may be distributed.

Sub-licences permitted

All of our paid licences allow you to sub-license to a client of yours the right to use a document created using Docular.

When you sub-license that right, it becomes attached to the particular client. The number of sub-licences you may grant is numerically limited and, again, the limitation corresponds to the document instance limitation.

Document licence period

This is the period of the licence to use documents created using and exported from the Docular online editor. In short, the licences do not expire. There are no ongoing licence fees.

Credit for Docular

Each free template includes a textual credit for Docular (eg "this document was created using Docular") and you must retain that credit in all versions of the document.

Legal T&Cs

For full details of the licensing rules governing the use of Docular templates, instances and exports, see our terms and conditions.

Data processing agreement (controller-processor)

This data processing agreement has been designed to help data controllers to transfer personal data to data processors in a way that complies with the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) and/or the GDPR as transposed into UK law.

Data processing agreement (controller-processor) contents

Data processing agreements

Related documents