Free Data Processing Agreement (GDPR Compliance) Creator - Create Online





What is Data Processing Agreement (GDPR Compliance)?

A Data Processing Agreement ensures GDPR compliance for the processing of personal data, specifying data protection obligations, data processing purposes, data transfer terms, and rights of data subjects.



Sample template:



Data Processing Agreement (GDPR Compliance)

Between SecureTech Finance Inc ("Data Controller") and DataGuard Solutions LLC ("Data Processor")


1. Definitions and Interpretation

1.1. Definitions


In this Agreement, the following words and phrases shall have the following meanings:


"Data Protection Laws" means all applicable laws relating to the protection of personal data, including the European Union General Data Protection Regulation (GDPR), and any laws of the United States of America;


"Personal Data" means any information relating to an identified or identifiable natural person (‘Data Subject’) that is processed by the Data Processor on behalf of the Data Controller pursuant to this Agreement;


"Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, or otherwise making available, alignment, combination, restriction, erasure, or destruction.



2. Subject Matter and Duration of Processing

2.1. Purpose and Scope of Processing


The Data Processor shall process Personal Data on behalf of the Data Controller for the purpose of providing the services specified in the main agreement between the parties. The duration of the Processing shall be for the term of the main agreement, or until otherwise instructed by the Data Controller in writing.


2.2. Types of Personal Data and Categories of Data Subjects


The Data Processor shall process the following types of Personal Data and categories of Data Subjects as specified by the Data Controller:


a) Types of Personal Data: names, addresses, email addresses, telephone numbers, identification numbers, financial information, and other relevant personal data;


b) Categories of Data Subjects: customers, employees, contractors, and agents of the Data Controller.



3. Data Processor's Obligations

3.1. Compliance with Laws


The Data Processor shall process Personal Data in compliance with all applicable Data Protection Laws and shall not process Personal Data for any other purpose than those set out in this Agreement or otherwise agreed upon by the parties in writing.


3.2. Data Processor Personnel


The Data Processor shall ensure that all employees and contractors with access to Personal Data have received adequate training on data protection and are bound by a commitment of confidentiality.


3.3. Data Protection Measures


The Data Processor shall implement appropriate technical and organizational measures to ensure the security and confidentiality of Personal Data, including measures to protect Personal Data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, and any other unlawful forms of Processing.


3.4. Assistance to Data Controller


The Data Processor shall provide reasonable assistance to the Data Controller in meeting its obligations under the Data Protection Laws, including assisting in responding to requests from Data Subjects exercising their rights under the Data Protection Laws.


3.5. Data Breach Notification


The Data Processor shall notify the Data Controller without undue delay of any actual or suspected data breach affecting Personal Data processed on behalf of the Data Controller and provide reasonable cooperation and assistance in investigating and remediating such breach.



4. Subprocessing and Data Transfers

4.1. Subprocessors


The Data Processor shall not engage any subprocessors without the prior written consent of the Data Controller. If the Data Processor engages a subprocessor, the Data Processor shall ensure that the subprocessor is bound by a written agreement containing data protection obligations that are no less protective than those set out in this Agreement.


4.2. International Data Transfers


The Data Processor shall not transfer Personal Data to a country or international organization outside the European Economic Area without the prior written consent of the Data Controller and only if such transfer is in compliance with the Data Protection Laws.



5. Data Subject Rights

5.1. Responding to Data Subject Requests


The Data Processor shall promptly notify the Data Controller of any requests from Data Subjects exercising their rights under the Data Protection Laws and provide the Data Controller with reasonable assistance in responding to such requests.


5.2. Deletion or Return of Personal Data


Upon termination of this Agreement, the Data Processor shall, at the choice of the Data Controller, either delete or return all Personal Data processed on behalf of the Data Controller, and delete any copies of the Personal Data, unless legally required to retain such data.



6. Audit Rights

6.1. Right to Audit


The Data Processor shall make available to the Data Controller upon request any information necessary to demonstrate compliance with this Agreement and the Data Protection Laws. The Data Controller or its authorized representative shall have the right to audit the Data Processor's compliance with this Agreement and the Data Protection Laws, upon reasonable notice and subject to reasonable confidentiality requirements.



7. Governing Law and Jurisdiction

This Agreement shall be governed by and construed in accordance with the laws of the United States of America. Any disputes arising out of or in connection with this Agreement shall be subject to the exclusive jurisdiction of the courts of the United States of America.



8. Miscellaneous

8.1. Severability


If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.


8.2. Entire Agreement


This Agreement constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes any prior agreements, understandings, and representations, whether oral or written.


8.3. Amendments


Any modifications or amendments to this Agreement must be made in writing and signed by both parties.



IN WITNESS WHEREOF, the parties have duly executed this Data Processing Agreement as of the date first written above.



__________________________


SecureTech Finance Inc


Data Controller



__________________________


DataGuard Solutions LLC


Data Processor





Main Sections of a Data Processing Agreement (GDPR Compliance)


In this Data Processing Agreement (GDPR Compliance), you will see the following sections:

  1. Definitions and Interpretation
  2. Subject Matter and Duration of Processing
  3. Data Processor's Obligations
  4. Subprocessing and Data Transfers
  5. Data Subject Rights
  6. Audit Rights
  7. Governing Law and Jurisdiction
  8. Miscellaneous


About each Section - Analysis and Summary:

  1. Definitions and Interpretation: This section explains the meaning of key terms used in the agreement, such as "Data Protection Laws," "Personal Data," and "Processing." Think of it as a glossary to help you understand the rest of the document.

  2. Subject Matter and Duration of Processing: This section outlines the purpose and scope of the data processing, as well as the types of personal data and categories of data subjects involved. It's like a summary of what the Data Processor will do with the Data Controller's data and for how long.

  3. Data Processor's Obligations: This section lists the responsibilities of the Data Processor, such as complying with data protection laws, ensuring employee training, implementing security measures, and assisting the Data Controller. It's like a to-do list for the Data Processor to ensure they handle the data properly.

  4. Subprocessing and Data Transfers: This section sets rules for the Data Processor when engaging subprocessors or transferring personal data outside the European Economic Area. It's like a set of guidelines to ensure that any third parties involved in processing the data also follow the same rules.

  5. Data Subject Rights: This section outlines how the Data Processor should handle requests from data subjects exercising their rights under data protection laws and what to do with the data upon termination of the agreement. It's like a guide for handling situations where individuals want to access, correct, or delete their data.

  6. Audit Rights: This section grants the Data Controller the right to audit the Data Processor's compliance with the agreement and data protection laws. It's like a permission slip for the Data Controller to check that the Data Processor is doing everything correctly.

  7. Governing Law and Jurisdiction: This section specifies that the agreement is governed by the laws of the United States of America and that any disputes will be resolved in the courts of the United States. It's like a rulebook for handling any legal issues that may arise from the agreement.

  8. Miscellaneous: This section covers various general provisions, such as severability (if one part of the agreement is invalid, the rest still applies), the entire agreement (this document is the full agreement between the parties), and amendments (changes must be in writing and signed by both parties). It's like a collection of housekeeping rules to keep the agreement organized and clear.
