Scribd
Upload
49 views

GDPR Data Processing Agreement

This document outlines a Data Processing Agreement (DPA) between a Data Controller and Data Processor to ensure compliance with the General Data Protection Regulation (GDPR). The DPA defines key terms, sets obligations for the Data Processor including following instructions and implementing security measures, and covers aspects like subprocessing, data transfers, duration, amendments and jurisdiction. The conclusion reaffirms the commitment of both parties to fulfilling their obligations under the agreement to safeguard personal data.

Uploaded by

Gajanan Pilatre
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
49 views

GDPR Data Processing Agreement

This document outlines a Data Processing Agreement (DPA) between a Data Controller and Data Processor to ensure compliance with the General Data Protection Regulation (GDPR). The DPA defines key terms, sets obligations for the Data Processor including following instructions and implementing security measures, and covers aspects like subprocessing, data transfers, duration, amendments and jurisdiction. The conclusion reaffirms the commitment of both parties to fulfilling their obligations under the agreement to safeguard personal data.

Uploaded by

Gajanan Pilatre
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

GDPR Data Processing Agreement

1. Introduction
This Data Processing Agreement (DPA) sets out the terms and conditions for the processing
of personal data by [Data Processor Name] on behalf of [Data Controller Name], in
accordance with the requirements of the General Data Protection Regulation (GDPR).
2. Definitions
 Data Controller: The natural or legal person who determines the purposes and
means of the processing of personal data.
 Data Processor: The natural or legal person who processes personal data on behalf
of the data controller.
 Personal Data: Any information relating to an identified or identifiable natural
person ('data subject').
3. Scope
This DPA applies to all personal data processed by the Data Processor on behalf of the Data
Controller, as outlined in the Data Processing Agreement between the parties.
4. Obligations of the Data Processor
 Compliance with Instructions: The Data Processor shall process personal data only
on documented instructions from the Data Controller, including regarding transfers
of personal data to a third country or an international organization.
 Confidentiality: The Data Processor shall ensure that persons authorized to process
personal data on its behalf are bound by confidentiality obligations.
 Security Measures: The Data Processor shall implement appropriate technical and
organizational measures to ensure the security of personal data, including protection
against unauthorized or unlawful processing and accidental loss, destruction, or
damage.
 Data Subject Rights: The Data Processor shall assist the Data Controller in
responding to requests from data subjects to exercise their rights under the GDPR,
including the rights of access, rectification, erasure, restriction of processing, data
portability, and objection.
 Data Breach Notification: The Data Processor shall notify the Data Controller
without undue delay upon becoming aware of a personal data breach, providing all
necessary information to assist the Data Controller in complying with its obligations
under the GDPR.
5. Subprocessing
The Data Processor shall not engage another processor (subprocessor) without the prior
written authorization of the Data Controller. Where subprocessing is authorized, the Data
Processor shall ensure that the subprocessor complies with the same data protection
obligations as set out in this DPA.
6. Data Protection Impact Assessment (DPIA)
Where required by the GDPR, the Data Processor shall assist the Data Controller in carrying
out a data protection impact assessment and, where necessary, consulting with the relevant
supervisory authority.
7. Data Transfer
Any transfer of personal data to a third country or an international organization by the Data
Processor shall be subject to appropriate safeguards as required by the GDPR.
8. Duration and Termination
This DPA shall remain in effect for the duration of the data processing activities and any
subsequent period required by applicable law. It may be terminated by either party in
accordance with the terms of the Data Processing Agreement or by mutual agreement of
the parties.
9. Governing Law and Jurisdiction
This DPA shall be governed by and construed in accordance with the laws of [Jurisdiction].
Any disputes arising out of or in connection with this DPA shall be subject to the exclusive
jurisdiction of the courts of [Jurisdiction].
10. Amendments
Any amendments to this DPA shall be agreed upon in writing by both parties and shall form
an integral part of this agreement.
Conclusion
This Data Processing Agreement outlines the responsibilities of the Data Processor in
processing personal data on behalf of the Data Controller, ensuring compliance with the
GDPR and protection of data subjects' rights and freedoms. Both parties are committed to
fulfilling their obligations under this agreement to safeguard personal data.

You might also like