Author: | Alasdair Taylor |
Updated: | 4 January 2021 |
Length: | 7 pages |
Notes: | 8 pages |
Format: | MS Word (.DOC) |
Consider this template data processing addendum if you need to bring an existing contract into line with the General Data Protection Regulation (GDPR) - in either its original EU or derivative UK form.
This document should however only be used where one party to the contract is a controller and the other is a processor with respect to data transferred under the contract. It should not be used for processor-to-processor or controller-to-controller transfers.
In preparing this addendum, we have tracked the specific requirements of Article 28 of the GDPR closely. Accordingly, the addendum incorporates a limitation on the processor acting otherwise than in accordance with the written instructions of the controller. It also includes limitations on international transfers of personal data, a requirement that confidentiality obligations be placed upon people who can access the data and security requirements.