Data processing agreement (controller-processor)

Price: £45.00(Inc. 20% VAT)(£37.50 Exc. VAT)

(1 Review)

An agreement to help businesses comply with data protection law, including the General Data Protection Regulation (GDPR).

Description
Contents
Q&A
Packs
Reviews

Author:	Alasdair Taylor
Updated:	4 July 2018
Length:	10 pages
Notes:	11 pages
Format:	MS Word (.DOCX)

This agreement will help data controllers to transfer personal data to data processors in a GDPR-compliant manner.

This document may be used as a stand-alone processing agreement, but more commonly it will be used to supplement and existing contract under which data, including personal data, is processed.

The approach we have taken in preparing this document is to closely shadow the requirements of the GDPR. Clauses included in the agreement cover, for example, the obligation on the processor to act only on the instructions of the data controller in relation to the processing of the data, and to delete the personal data after the end of the contract.

The "variables" which may be associated with a data processing agreement, such as identification of data subject categories, are set out in a schedule to the agreement. Another optional schedule may be used to add the standard contractual clauses for international transfers into the agreement.

Definitions
Supplemental
Term
Consideration
Data protection
Limits upon exclusions of liability
Termination
Effects of termination
Notices
General
Interpretation

SCHEDULE 1 (DATA PROCESSING INFORMATION)

Categories of data subject
Types of Personal Data
Purposes of processing
Security measures for Personal Data
Sub-processors of Personal Data

SCHEDULE 2 (MODEL CONTRACTUAL CLAUSES)

Does this document reflect the requirements of the GDPR?

Yes, this is a GDPR-friendly processing agreement. Remember, however, that there is much more to GDPR compliance than having the correct contracts in place.

Can this document be used for processor-to-subprocessor contracts?

It would not be too difficult to adapt for these circumstances, but some changes would be needed – for instance there are at the time of writing no relevant "standard clauses" for international transfers from a processor to a subprocessor.

A copy of this data processing agreement (controller-processor) is included in this pack:

GDPR pack

Average rating (1 Review):

write a review and share your opinions!

Rating:

Excellent and easy to use

Friday, 21 December 2018 | Alexander

1 hour with this template and I had a more comprehensive DPA than anything I've seen from our clients - and that includes top tier law firms. It's clear, simple and by default includes a wide variety of eventualities. Thank you.

Response:

Thanks very much for the review Alexander - really appreciated. The main issue I see with customer DPAs is that they often seek to impose specific procedural obligations on services providers in relation to matters which affect large numbers of other customers (e.g. in relation to the appointment of sub-processors). It usually makes more sense for the services provider to prepare the DPA.

Customers who bought this item also bought:

Privacy and cookies policy: £17.50
Personal data breach notification policy: £32.50
Data processing agreement (processor-sub-processor): £45.00

Top selling templates

1. Privacy and cookies policy

2. Website terms and conditions

3. Non disclosure agreement (unilateral)

4. Consultancy agreement

5. SaaS terms and conditions

Top selling packs

1. Online shop pack

2. GDPR pack

3. SaaS pack

4. Software developer pack

5. Business pack