TOOLS AND TRACKERSMEMBER

Sample Data Processing Agreement

This template is intended to be used as a starting point and reference for a sample data processing agreement.

Published

Note: This model agreement is not legal advice. It is designed to be relatively neutral but there will be provisions that may favor controllers over processors or vice versa. It is intended to be used as a starting point and reference, but many will choose to modify its language to fit their situation. The document endnotes provide additional insight and guidance, but they are not intended to be included in any actual data processing agreements.

Article 28 of the EU’s General Data Protection Regulation requires data controllers to include in their contracts with processors certain terms and requirements. Sometimes these terms are included in the body of product and service contracts, but frequently they are added to new or existing agreements as an addendum.

This template is intended to be used as a starting point and reference for a sample data processing agreement.

MEMBER

Unlock this exclusive content and more

Join the IAPPAlready a member? Sign in

Membership opens up a world of resources

In-depth knowledge

From original research reports and daily news coverage to legislative trackers and infographics, we have the information you need to stay ahead of change.

A global network

Make valuable professional connections through more than 160 local IAPP KnowledgeNet chapters in 70 countries.

Access to the experts

Connect with top thinkers in privacy, AI governance and cybersecurity for fresh ideas and insights.

Learn what you get from membership