Register
Forgotten password?

A family of Data processing agreementsdocumentsData processing agreements

Data processing agreements between controllers of personal data and their processors have long been a requirement of EU data protection law, but with the coming of the General Data Protection Regulation (GDPR) they have become more prominent. GDPR-friendly data processing agreements also tend to be longer and more complex than pre-GDPR documents. These templates are designed to help you produce a compliant document with the minimum of fuss. They track the specific requirements of the GDPR very closely, and only supplement those requirements in a few important areas.

Data processing agreement (processor-sub-processor)

FROM

£40.00

OR

40

CREDITS
Buy
Version 1.1
First published 28 Feb 2018
Last updated 3 Jul 2018
Word count 5,187
Template pages 9

Data processing agreement (controller-processor)

FROM

£40.00

OR

40

CREDITS
Buy
Version 1.5
First published 25 Aug 2017
Last updated 3 Jul 2018
Word count 5,153
Template pages 9

Compare contents

Data processing agreement (processor-sub-processor) contents

  1. Definitions: definitions.
  2. Supplemental:
    Agreement
     supplements main contract; definitions in main contract; conflict between 
    Agreement
     and main contract; breach of 
    Agreement
     deemed to be breach of main contract; breach of main contract deemed to be breach of 
    Agreement
    ; termination with main contract; main contract termination.
  3. Term: commencement of term; end of term.
  4. Data protection: compliance with data protection laws; warranty of
    Processor
    's right to disclose personal data (GDPR); details of personal data processed by 
    the Sub-Processor
     (GDPR); purposes of processing of personal data by 
    the Sub-Processor
     (GDPR); duration of personal data processing by
    Sub-Processor
    (GDPR); personal data processed by
    Sub-Processor
    on instructions (GDPR); authorised international transfers of personal data (GDPR); informing 
    Processor
     of illegal instructions (GDPR); personal data processed by
    Sub-Processor
    as required by law (GDPR); confidentiality obligations on
    Sub-Processor
     persons processing personal data (GDPR); security of personal data processed by 
    Sub-Processor
     (GDPR); appointment of sub-processor by
    Sub-Processor
    (GDPR); authorisation for
    Sub-Processor
    to appoint sub-processors (GDPR);
    Sub-Processor
     to assist with exercise of data subject rights (GDPR);
    Sub-Processor
     to assist with compliance (GDPR); obligation to notify 
    Processor
    of personal data breach (GDPR);
    Sub-Processor
     to provide data protection compliance information (GDPR); deletion of personal data by 
    Sub-Processor
     (GDPR);
    Sub-Processor
     to allow audit (GDPR); changes to data protection law.
  5. Limits upon exclusions of liability: caveats to limits of liability.
  6. Termination: termination by either party without cause; termination by either party upon breach; termination upon insolvency.
  7. Effects of termination: surviving provisions upon termination; termination does not affect accrued rights.
  8. Notices: methods and deemed receipt of contractual notices; contact details for contractual notices; substitute contact details for notices.
  9. General: no waiver; severability; variation written and signed; no assignment without written consent; no third party rights; entire agreement; governing law; exclusive jurisdiction.
  10. Interpretation: statutory references; section headings not affecting interpretation; calendar month meaning; no ejusdem generis.

SCHEDULE 1 (DATA PROCESSING INFORMATION)

  1. Categories of data subject: prompt for categories of data subject.
  2. Types of Personal Data: prompt for types of personal data.
  3. Purposes of processing: prompt for personal data processing purposes.
  4. Security measures for Personal Data: prompt for security measures for personal data.
  5. Sub-processors of Personal Data: prompt for identifying sub-processors of personal data.

Data processing agreement (controller-processor) contents

  1. Definitions: definitions.
  2. Supplemental:
    Agreement
     supplements main contract; definitions in main contract; conflict between 
    Agreement
     and main contract; breach of 
    Agreement
     deemed to be breach of main contract; breach of main contract deemed to be breach of 
    Agreement
    ; termination with main contract; main contract termination.
  3. Term: commencement of term; end of term.
  4. Data protection: compliance with data protection laws; warranty of
    Controller
    's right to disclose personal data (GDPR); details of personal data processed by 
    the Processor
     (GDPR); purposes of processing of personal data by 
    the Processor
     (GDPR); duration of personal data processing by
    Processor
    (GDPR); personal data processed by
    Processor
    on instructions (GDPR); authorised international transfers of personal data (GDPR); informing 
    Controller
     of illegal instructions (GDPR); personal data processed by
    Processor
    as required by law (GDPR); confidentiality obligations on
    Processor
     persons processing personal data (GDPR); security of personal data processed by 
    Processor
     (GDPR); appointment of sub-processor by
    Processor
    (GDPR); authorisation for
    Processor
    to appoint sub-processors (GDPR);
    Processor
     to assist with exercise of data subject rights (GDPR);
    Processor
     to assist with compliance (GDPR); obligation to notify 
    Controller
    of personal data breach (GDPR);
    Processor
     to provide data protection compliance information (GDPR); deletion of personal data by 
    Processor
     (GDPR);
    Processor
     to allow audit (GDPR); changes to data protection law.
  5. Limits upon exclusions of liability: caveats to limits of liability.
  6. Termination: termination by either party without cause; termination by either party upon breach; termination upon insolvency.
  7. Effects of termination: surviving provisions upon termination; termination does not affect accrued rights.
  8. Notices: methods and deemed receipt of contractual notices; contact details for contractual notices; substitute contact details for notices.
  9. General: no waiver; severability; variation written and signed; no assignment without written consent; no third party rights; entire agreement; governing law; exclusive jurisdiction.
  10. Interpretation: statutory references; section headings not affecting interpretation; calendar month meaning; no ejusdem generis.

SCHEDULE 1 (DATA PROCESSING INFORMATION)

  1. Categories of data subject: prompt for categories of data subject.
  2. Types of Personal Data: prompt for types of personal data.
  3. Purposes of processing: prompt for personal data processing purposes.
  4. Security measures for Personal Data: prompt for security measures for personal data.
  5. Sub-processors of Personal Data: prompt for identifying sub-processors of personal data.

SCHEDULE 2 (STANDARD CONTRACTUAL CLAUSES)

    Prompt for standard contractual clauses.