The Data Processing Addendum (DPA) is essential for organizations engaged in processing personal data under Belgian jurisdiction. It is typically used as an annexure to a main service agreement when one party (the processor) processes personal data on behalf of another party (the controller). The DPA ensures compliance with Article 28 of the GDPR and the Belgian Data Protection Act of 2018, detailing specific requirements for data processing activities, security measures, breach notifications, and data subject rights. This document is particularly crucial in the Belgian context, where organizations must adhere to both EU-wide regulations and specific national implementation measures. The DPA includes provisions for technical and organizational measures, sub-processor management, international data transfers (where applicable), and audit rights, all aligned with Belgian legal requirements and supervisory authority guidelines.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership of your docs
1. Parties: Identification of the data controller and data processor, including full legal names, registration details, and addresses
2. Background: Context of the relationship between parties and purpose of the addendum in relation to the main agreement
3. Definitions: Definitions of key terms used in the DPA, aligned with GDPR Article 4 and Belgian Data Protection Act definitions
4. Scope and Purpose of Processing: Detailed description of the authorized data processing activities, categories of data subjects, and types of personal data
5. Obligations of the Data Processor: Core processor obligations under GDPR Article 28, including processing only on documented instructions, confidentiality, security measures, and sub-processor requirements
6. Technical and Organizational Measures: Security measures implemented to ensure appropriate level of data protection
7. Sub-processing: Conditions and requirements for engaging sub-processors, including authorization process and obligations
8. Data Subject Rights: Processor's obligations to assist controller in responding to data subject requests
9. Data Breach Notification: Procedures and timeframes for notifying controller of personal data breaches
10. Audit Rights: Controller's rights to audit processor's compliance and processor's obligations to contribute to audits
11. Data Return and Deletion: Obligations regarding return or deletion of personal data upon termination of services
12. Liability and Indemnification: Allocation of liability between parties and indemnification obligations
13. Term and Termination: Duration of the DPA and conditions for termination
14. Governing Law and Jurisdiction: Specification of Belgian law as governing law and jurisdiction for disputes
1. International Data Transfers: Required when personal data will be transferred outside the EEA, including transfer mechanisms and safeguards
2. Specific Industry Requirements: Additional requirements for specific sectors (e.g., healthcare, financial services) subject to additional regulations
3. Insurance Requirements: Specific insurance obligations for the processor, if required by the controller or industry standards
4. Business Continuity and Disaster Recovery: Detailed requirements for ensuring continuous data processing capabilities, if critical to the controller
5. Data Protection Impact Assessment: Processor's obligations to assist with DPIAs when required by the nature of processing
6. Joint Controller Provisions: Required when the relationship includes elements of joint controllership under Article 26 GDPR
1. Schedule 1 - Details of Processing: Detailed description of processing activities, including categories of data, purposes, duration
2. Schedule 2 - Technical and Organizational Measures: Detailed description of security measures implemented by the processor
3. Schedule 3 - Authorized Sub-processors: List of approved sub-processors and their processing activities
4. Schedule 4 - Transfer Mechanisms: Details of transfer mechanisms used for international data transfers, including SCCs if applicable
5. Schedule 5 - Security Breach Response Plan: Detailed procedures for handling and reporting data breaches
6. Appendix A - Contact Details: Contact information for data protection officers, representatives, and key personnel
7. Appendix B - Standard Contractual Clauses: If applicable, EU Standard Contractual Clauses for international transfers
Find the exact document you need
GDPR Intercompany Agreement
A Belgian law-governed GDPR Intercompany Agreement regulating data processing and transfers between group entities in compliance with EU and Belgian data protection requirements.
Download
International Data Transfer Addendum
Belgian law-governed International Data Transfer Addendum ensuring GDPR compliance for cross-border personal data transfers.
Download
Intra Group Data Processing Agreement
Belgian law-governed data processing agreement for intra-group data transfers and processing activities, ensuring GDPR compliance within corporate groups.
Download
Data Processing Agreement Addendum
A Belgian law-governed addendum that establishes GDPR-compliant terms for personal data processing between a controller and processor.
Download
Data Processing Contract
A Belgian law-governed agreement defining terms for processing personal data under GDPR and national data protection requirements.
Download
Personal Data Agreement
Belgian law-governed Personal Data Agreement establishing data processing terms and GDPR compliance requirements between parties.
Download
DPA Legal Agreement
Belgian law-governed Data Processing Agreement establishing GDPR-compliant terms for personal data processing between controller and processor.
Download
Data Processing Addendum
A Belgian law-governed agreement establishing terms for personal data processing between controllers and processors, ensuring compliance with GDPR and Belgian data protection requirements.
Download
Controller To Controller Agreement GDPR
A Belgian law-governed agreement establishing GDPR-compliant data sharing arrangements between independent data controllers.
Download
International Data Protection Agreement
Belgian law-governed agreement for international personal data processing, ensuring GDPR and local law compliance.
Download
Data Management Agreement
A Belgian law-governed agreement establishing data management and processing requirements between parties, ensuring compliance with local and EU data protection regulations.
Download
Commissioned Data Processing Agreement
Belgian law-governed Data Processing Agreement establishing controller-processor relationships in compliance with GDPR and local data protection requirements.
Download
Intercompany Data Processing Agreement
Belgian law-governed agreement regulating personal data processing between affiliated companies within the same corporate group, ensuring GDPR compliance.
Download
Personal Data Transfer Agreement
A Belgian law-governed agreement establishing terms and conditions for transferring personal data between organizations, ensuring GDPR and local law compliance.
Download
Controller Processor Agreement
A Belgian law-governed agreement establishing terms for personal data processing between a controller and processor, complying with GDPR and Belgian Data Protection Act requirements.
Download
Order Processing Agreement
A Belgian law-governed agreement defining terms for personal data processing between controller and processor, ensuring GDPR and local law compliance.
Download
Sub Processing Agreement
A Belgian law-governed agreement establishing terms for sub-processor engagement in data processing activities, ensuring GDPR and local law compliance.
Download
Data Protection Addendum
Belgian law-governed data protection agreement establishing GDPR-compliant processing terms between controller and processor.
Download
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
.png)