Data processing addendum (controller-processor)

Price:  £32.50(Inc. 20% VAT)(£27.08 Exc. VAT)

This addendum will supplement and revise an existing agreement between a controller and processor, helping the parties to comply with the GDPR.

Author: Alasdair Taylor
Updated: 4 January 2021
Length: 7 pages
Notes: 8 pages
Format: MS Word (.DOC)

Consider this template data processing addendum if you need to bring an existing contract into line with the General Data Protection Regulation (GDPR) - in either its original EU or derivative UK form.

This document should however only be used where one party to the contract is a controller and the other is a processor with respect to data transferred under the contract. It should not be used for processor-to-processor or controller-to-controller transfers.

In preparing this addendum, we have tracked the specific requirements of Article 28 of the GDPR closely. Accordingly, the addendum incorporates a limitation on the processor acting otherwise than in accordance with the written instructions of the controller. It also includes limitations on international transfers of personal data, a requirement that confidentiality obligations be placed upon people who can access the data and security requirements.


  1. Definitions
  2. This Addendum and the Agreement
  3. Data protection
  4. Surviving provisions


  1. Categories of data subject
  2. Types of Personal Data
  3. Purposes of processing
  4. Security measures for Personal Data
  5. Sub-processors of Personal Data


A copy of this data processing addendum (controller to processor) is included in the following pack:

Be the first to write a review of this template using our brand new review system.