Free data processing agreement

This is a free DPA or data processing agreement designed to help businesses to comply with the provisions of the UK GDPR and EU GDPR relating to contracts between controllers of personal data and processors.

The UK GDPR and the EU GDPR apply very similar requirements to these contracts. The main requirements, all reflected in this free DPA, are as follows.

Specification of processing operations - The DPA should identify the personal data that is going to be processed, the categories of data subject affected, the purposes of the processing, relevant security requirements, authorised third party disclosures and permitted international transfers.

Period of processing - The DPA should require that personal data be returned and/or deleted following the completion of the relevant services.

Instructions of the controller - The processor should be bound by the DPA to only process the personal data in accordance with the instructions of the controller.

Unlawful instructions - If an instruction of the controller relating to the processing of the data is unlawful, the processor should let the controller know in accordance with the provisions of the DPA.

Legal requirements - The processor is permitted by the DPA to process the personal data where required to do so by the relevant applicable law (e.g. UK legal requirements applying to processing happening under the UK GDPR).

Confidentiality - The processor must ensure that persons authorised to process the data are under appropriate confidentiality obligations.

Security - The DPA should require that the processor implement appropriate security measures (both technical and organisational) with respect to the data.

Assistance - The processor must, under the DPA, take appropriate measures to assist the controller with the fulfilment of the controller's obligations relating to data subject rights. The processor must also assist the controller in relation to compliance with the obligations of the controller relating to the security of processing of personal data, the notification of personal data breaches to the supervisory authority, the communication of personal data breaches to the data subject, data protection impact assessments and prior consultation in relation to high-risk processing.

Breach notification - The DPA requires that personal data breaches be notified by the processor to the controller within a pre-defined timeframe (of 72 hours or less).

information and audit - The controller is entitled to audit the processor's compliance with its obligations under the DPA. The processor must facilitate such audits, and must provide to the controller all such information as is necessary to demonstrate compliance.

This free DPA assumes that the controller and processor have entered into or will enter into a separate services agreement, covering the provision of services by the processor to the controller.

Ask about this document

Free data processing agreement contents

Definitions: definitions.
Credit: docular credit; free documents licensing warning.
Supplemental:
Agreement
supplements main contract; definitions in main contract; conflict between
Agreement
and main contract; breach of
Agreement
deemed to be breach of main contract; breach of main contract deemed to be breach of
Agreement
; termination with main contract; main contract termination.
Term: commencement of term; end of term.
Data protection: compliance with data protection laws; warranty of
Controller
's right to disclose personal data (GDPR); details of personal data processed by
the Processor
(GDPR); purposes of processing of personal data by
the Processor
(GDPR); duration of personal data processing by
Processor
(GDPR); personal data processed by
Processor
on instructions (GDPR); authorised international transfers of personal data (GDPR); informing
Controller
of illegal instructions (GDPR); personal data processed by
Processor
as required by law (GDPR); confidentiality obligations on
Processor
persons processing personal data (GDPR); security of personal data processed by
Processor
(GDPR); appointment of sub-processor by
Processor
(GDPR); authorisation for
Processor
to appoint sub-processors (GDPR);
Processor
to assist with exercise of data subject rights (GDPR);
Processor
to assist with compliance (GDPR); obligation to notify
Controller
of personal data breach (GDPR);
Processor
to provide data protection compliance information (GDPR); deletion of personal data by
Processor
(GDPR);
Processor
to allow audit (GDPR); changes to data protection law.
Limits upon exclusions of liability: caveats to limits of liability.
Termination: termination by either party without cause; termination by either party upon breach; termination upon insolvency.
Effects of termination: surviving provisions upon termination; termination does not affect accrued rights.
Notices: methods and deemed receipt of contractual notices; contact details for contractual notices; substitute contact details for notices.
General: no waiver; severability; variation written and signed; no assignment without written consent; no third party rights; entire agreement; governing law; exclusive jurisdiction.
Interpretation: statutory references; section headings not affecting interpretation; calendar month meaning; no ejusdem generis.

SCHEDULE 1 (DATA PROCESSING INFORMATION)

Categories of data subject: prompt for categories of data subject.
Types of Personal Data: prompt for types of personal data.
Purposes of processing: prompt for personal data processing purposes.
Security measures for Personal Data: prompt for security measures for personal data.
Sub-processors of Personal Data: prompt for identifying sub-processors of personal data.

SCHEDULE 2 (STANDARD CONTRACTUAL CLAUSES)

Prompt for standard contractual clauses.

Free data processing agreement document editor preview

This is a shortened preview of the editor interface; once you create your instance you'll be able to edit the full document in our online editor.

Free data processing agreement document preview

This is a shortened preview of the DOCX output; once you create your instance you'll be able to download the full document in PDF, HTML, RTF and/or DOCX (Microsoft Word) format.

Version	1.0
First published	24 Jan 2023
Law	English law and EU law
Language	English (UK)
^†Word count	5,540
^†Template pages	9

† These figures are approximations.

Privacy law Data protection law Software services Agreement Free document

Data processing agreements

We do not limit the number of copies of a template you can make on your own computer. Nor do they limit the number of times you can print and sign a document. We do however limit the number of copies of a template you can create in the Docular editor, and also the number of websites / digital products with respect to which a template may be used.

There are four different licences under which you can access a Docular template.

	Free licence	Standard licence	Extended licence	Professional licence
Number of document instances	1	1	5	25
Number of websites or digital products	1	1	5	25
Sub-licences permitted	None	1	5	25
Document licence period	No expiry	No expiry	No expiry	No expiry
Credit for Docular	Yes	No	No	No

Number of document instances

Document templates are the products available for sale on this website; whereas document instances are "clones" of the templates, which you can edit using Docular's online editor and export from the website.

We will update our document templates from time to time, but this will not affect your document instances. When you create a document instance, it will be based upon the latest version of the underlying document template at the time of creation of the instance, irrespective of your date of purchase.

You can save your document instance to our servers at any time, and return to editing later. Once you are happy with your editing, you can export the document and save it to your computer.

Number of websites or digital products

The licences include numerical limits upon: (a) the number of websites (including cloud services) on which documents may be published; and (b) the number of digital products (such as software programs) with which documents may be distributed.

Sub-licences permitted

All of our paid licences allow you to sub-license to a client of yours the right to use a document created using Docular.

When you sub-license that right, it becomes attached to the particular client. The number of sub-licences you may grant is numerically limited and, again, the limitation corresponds to the document instance limitation.

Document licence period

This is the period of the licence to use documents created using and exported from the Docular online editor. In short, the licences do not expire. There are no ongoing licence fees.

Credit for Docular

Each free template includes a textual credit for Docular (eg "this document was created using Docular") and you must retain that credit in all versions of the document.

Legal T&Cs

For full details of the licensing rules governing the use of Docular templates, instances and exports, see our terms and conditions.