Data processing addenda
These addenda should be used to complement an existing contract and bring it into line with the General Data Protection Regulation (GDPR). The GDPR is relatively prescriptive about the clauses that need to be included in contracts between controllers and processors and in contracts between between processors and sub-processors. The drafting of these documents follows the requirements of the GDPR closely.
Data processing addendum (controller-processor)
Buy | |
Version | 1.3 |
---|---|
First published | 25 Jun 2018 |
Last updated | 23 Jan 2023 |
Word count | 3,879 |
Template pages | 6 |
Data processing addendum (processor-sub-processor)
Buy | |
Version | 1.3 |
---|---|
First published | 25 Jun 2018 |
Last updated | 23 Jan 2023 |
Word count | 3,841 |
Template pages | 6 |
Compare contents
Data processing addendum (controller-processor) contents
- Definitions: definitions.
- This Addendumandthe Agreement:AddendumvariesAgreement; provisions ofAgreementceasing to have effect; definitions inAgreement; limitations of liability in contract apply to document.
- Data protection: compliance with data protection laws; warranty of Controller's right to disclose personal data (GDPR); details of personal data processed bythe Processor(GDPR); purposes of processing of personal data bythe Processor(GDPR); duration of personal data processing byProcessor(GDPR); personal data processed byProcessoron instructions (GDPR); authorised international transfers of personal data (GDPR); informingControllerof illegal instructions (GDPR); personal data processed byProcessoras required by law (GDPR); confidentiality obligations onProcessorpersons processing personal data (GDPR); security of personal data processed byProcessor(GDPR); appointment of sub-processor byProcessor(GDPR); authorisation forProcessorto appoint sub-processors (GDPR);Processorto assist with exercise of data subject rights (GDPR);Processorto assist with compliance (GDPR); obligation to notifyControllerof personal data breach (GDPR);Processorto provide data protection compliance information (GDPR); deletion of personal data byProcessor(GDPR);Processorto allow audit (GDPR); changes to data protection law.
- Surviving provisions: surviving provisions upon termination.
SCHEDULE 1 (DATA PROCESSING INFORMATION)
- Categories of data subject: prompt for categories of data subject.
- Types of
Personal Data : prompt for types of personal data. - Purposes of processing: prompt for personal data processing purposes.
- Security measures for
Personal Data : prompt for security measures for personal data. - Sub-processors of Personal Data: prompt for identifying sub-processors of personal data.
SCHEDULE 2 (STANDARD CONTRACTUAL CLAUSES)
- Prompt for standard contractual clauses.
Data processing addendum (processor-sub-processor) contents
- Definitions: definitions.
- This Addendumandthe Agreement:AddendumvariesAgreement; provisions ofAgreementceasing to have effect; definitions inAgreement; limitations of liability in contract apply to document.
- Data protection: compliance with data protection laws; warranty of Processor's right to disclose personal data (GDPR); details of personal data processed bythe Sub-Processor(GDPR); purposes of processing of personal data bythe Sub-Processor(GDPR); duration of personal data processing bySub-Processor(GDPR); personal data processed bySub-Processoron instructions (GDPR); authorised international transfers of personal data (GDPR); informingProcessorof illegal instructions (GDPR); personal data processed bySub-Processoras required by law (GDPR); confidentiality obligations onSub-Processorpersons processing personal data (GDPR); security of personal data processed bySub-Processor(GDPR); appointment of sub-processor bySub-Processor(GDPR); authorisation forSub-Processorto appoint sub-processors (GDPR);Sub-Processorto assist with exercise of data subject rights (GDPR);Sub-Processorto assist with compliance (GDPR); obligation to notifyProcessorof personal data breach (GDPR);Sub-Processorto provide data protection compliance information (GDPR); deletion of personal data bySub-Processor(GDPR);Sub-Processorto allow audit (GDPR); changes to data protection law.
- Surviving provisions: surviving provisions upon termination.
SCHEDULE 1 (DATA PROCESSING INFORMATION)
- Categories of data subject: prompt for categories of data subject.
- Types of
Personal Data : prompt for types of personal data. - Purposes of processing: prompt for personal data processing purposes.
- Security measures for
Personal Data : prompt for security measures for personal data. - Sub-processors of Personal Data: prompt for identifying sub-processors of personal data.
SCHEDULE 2 (STANDARD CONTRACTUAL CLAUSES)
- Prompt for standard contractual clauses.