Register
Forgotten password?

A family of Data processing addendadocumentsData processing addenda

These addenda should be used to complement an existing contract and bring it into line with the General Data Protection Regulation (GDPR). The GDPR is relatively prescriptive about the clauses that need to be included in contracts between controllers and processors and in contracts between between processors and sub-processors. The drafting of these documents follows the requirements of the GDPR closely.

Data processing addendum (controller-processor)

FROM

£30.00

OR

30

CREDITS
Buy
Version 1.3
First published 25 Jun 2018
Last updated 23 Jan 2023
Word count 3,879
Template pages 6

Data processing addendum (processor-sub-processor)

FROM

£30.00

OR

30

CREDITS
Buy
Version 1.3
First published 25 Jun 2018
Last updated 23 Jan 2023
Word count 3,841
Template pages 6

Compare contents

Data processing addendum (controller-processor) contents

  1. Definitions: definitions.
  2. This Addendum
     and 
    the Agreement
    :
    Addendum
     varies 
    Agreement
    ; provisions of 
    Agreement
     ceasing to have effect; definitions in 
    Agreement
    ; limitations of liability in contract apply to document.
  3. Data protection: compliance with data protection laws; warranty of
    Controller
    's right to disclose personal data (GDPR); details of personal data processed by 
    the Processor
     (GDPR); purposes of processing of personal data by 
    the Processor
     (GDPR); duration of personal data processing by
    Processor
    (GDPR); personal data processed by
    Processor
    on instructions (GDPR); authorised international transfers of personal data (GDPR); informing 
    Controller
     of illegal instructions (GDPR); personal data processed by
    Processor
    as required by law (GDPR); confidentiality obligations on
    Processor
     persons processing personal data (GDPR); security of personal data processed by 
    Processor
     (GDPR); appointment of sub-processor by
    Processor
    (GDPR); authorisation for
    Processor
    to appoint sub-processors (GDPR);
    Processor
     to assist with exercise of data subject rights (GDPR);
    Processor
     to assist with compliance (GDPR); obligation to notify 
    Controller
    of personal data breach (GDPR);
    Processor
     to provide data protection compliance information (GDPR); deletion of personal data by 
    Processor
     (GDPR);
    Processor
     to allow audit (GDPR); changes to data protection law.
  4. Surviving provisions: surviving provisions upon termination.

SCHEDULE 1 (DATA PROCESSING INFORMATION)

  1. Categories of data subject: prompt for categories of data subject.
  2. Types of Personal Data: prompt for types of personal data.
  3. Purposes of processing: prompt for personal data processing purposes.
  4. Security measures for Personal Data: prompt for security measures for personal data.
  5. Sub-processors of Personal Data: prompt for identifying sub-processors of personal data.

SCHEDULE 2 (STANDARD CONTRACTUAL CLAUSES)

    Prompt for standard contractual clauses.

Data processing addendum (processor-sub-processor) contents

  1. Definitions: definitions.
  2. This Addendum
     and 
    the Agreement
    :
    Addendum
     varies 
    Agreement
    ; provisions of 
    Agreement
     ceasing to have effect; definitions in 
    Agreement
    ; limitations of liability in contract apply to document.
  3. Data protection: compliance with data protection laws; warranty of
    Processor
    's right to disclose personal data (GDPR); details of personal data processed by 
    the Sub-Processor
     (GDPR); purposes of processing of personal data by 
    the Sub-Processor
     (GDPR); duration of personal data processing by
    Sub-Processor
    (GDPR); personal data processed by
    Sub-Processor
    on instructions (GDPR); authorised international transfers of personal data (GDPR); informing 
    Processor
     of illegal instructions (GDPR); personal data processed by
    Sub-Processor
    as required by law (GDPR); confidentiality obligations on
    Sub-Processor
     persons processing personal data (GDPR); security of personal data processed by 
    Sub-Processor
     (GDPR); appointment of sub-processor by
    Sub-Processor
    (GDPR); authorisation for
    Sub-Processor
    to appoint sub-processors (GDPR);
    Sub-Processor
     to assist with exercise of data subject rights (GDPR);
    Sub-Processor
     to assist with compliance (GDPR); obligation to notify 
    Processor
    of personal data breach (GDPR);
    Sub-Processor
     to provide data protection compliance information (GDPR); deletion of personal data by 
    Sub-Processor
     (GDPR);
    Sub-Processor
     to allow audit (GDPR); changes to data protection law.
  4. Surviving provisions: surviving provisions upon termination.

SCHEDULE 1 (DATA PROCESSING INFORMATION)

  1. Categories of data subject: prompt for categories of data subject.
  2. Types of Personal Data: prompt for types of personal data.
  3. Purposes of processing: prompt for personal data processing purposes.
  4. Security measures for Personal Data: prompt for security measures for personal data.
  5. Sub-processors of Personal Data: prompt for identifying sub-processors of personal data.

SCHEDULE 2 (STANDARD CONTRACTUAL CLAUSES)

    Prompt for standard contractual clauses.