This agreement will help data controllers to transfer personal data to data processors in a GDPR-compliant manner.
This document may be used as a stand-alone processing agreement, but more commonly it will be used to supplement and existing contract under which data, including personal data, is processed.
The approach we have taken in preparing this document is to closely shadow the requirements of the GDPR. Clauses included in the agreement cover, for example, the obligation on the processor to act only on the instructions of the data controller in relation to the processing of the data, and to delete the personal data after the end of the contract.
The "variables" which may be associated with a data processing agreement, such as identification of data subject categories, are set out in a schedule to the agreement. Another optional schedule may be used to add the standard contractual clauses for international transfers into the agreement.