TOOLS AND TRACKERS

Sample Data Processing Agreement

This template is intended to be used as a starting point and reference for a sample data processing agreement.

Published: 27 March 2018

View PDF

Article 28 of the EU’s General Data Protection Regulation requires data controllers to include in their contracts with processors certain terms and requirements. Sometimes these terms are included in the body of product and service contracts, but frequently they are added to new or existing agreements as an addendum.

Note: This model agreement is not legal advice. It is designed to be relatively neutral but there will be provisions that may favor controllers over processors or vice versa. It is intended to be used as a starting point and reference, but many will choose to modify its language to fit their situation. The document endnotes provide additional insight and guidance, but they are not intended to be included in any actual data processing agreements.

CPE credit badge

This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.

Submit for CPEs

Tags:

Compliance techInternational data transfersLaw and regulationProgram managementRisk managementGDPRPrivacy
TOOLS AND TRACKERS

Sample Data Processing Agreement

This template is intended to be used as a starting point and reference for a sample data processing agreement.

Published: 27 March 2018

View PDF

Article 28 of the EU’s General Data Protection Regulation requires data controllers to include in their contracts with processors certain terms and requirements. Sometimes these terms are included in the body of product and service contracts, but frequently they are added to new or existing agreements as an addendum.

Note: This model agreement is not legal advice. It is designed to be relatively neutral but there will be provisions that may favor controllers over processors or vice versa. It is intended to be used as a starting point and reference, but many will choose to modify its language to fit their situation. The document endnotes provide additional insight and guidance, but they are not intended to be included in any actual data processing agreements.

CPE credit badge

This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.

Submit for CPEs

Tags:

Compliance techInternational data transfersLaw and regulationProgram managementRisk managementGDPRPrivacy

Related resources

US State Privacy Legislation Tracker

TOOLS AND TRACKERS

Organizational Digital Governance Report 2025

REPORTMEMBER

US State Comprehensive Privacy Laws Report

REPORTMEMBER

US Data Privacy Litigation

RESOURCE ARTICLE