This Master Data Protection Agreement is essential for organizations engaging in data processing activities under German jurisdiction. It serves as the primary contractual framework ensuring compliance with both the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The agreement is necessary whenever an organization (controller) engages another party (processor) to process personal data on its behalf, covering aspects such as data security measures, breach notifications, sub-processor engagement, international transfers, and audit rights. It includes specific provisions required under German law and is designed to be adaptable to various processing scenarios while maintaining strict compliance with European and German data protection requirements.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership of your docs
1. Parties: Identification of the data controller and data processor, including full legal names, registration details, and authorized representatives
2. Background: Context of the relationship and purpose of the agreement
3. Definitions: Definitions of key terms used in the agreement, including GDPR-specific terminology
4. Scope and Purpose of Processing: Detailed description of the data processing activities covered by the agreement
5. Duration of Processing: Term of the agreement and processing activities
6. Nature and Purpose of Processing: Specific details about how and why personal data will be processed
7. Types of Personal Data: Categories of personal data to be processed
8. Categories of Data Subjects: Types of individuals whose data will be processed
9. Obligations of the Processor: Detailed processor obligations under GDPR Article 28 and BDSG
10. Obligations of the Controller: Controller's responsibilities and duties
11. Technical and Organizational Measures: Security measures required under GDPR Article 32
12. Sub-processing: Rules and procedures for engaging sub-processors
13. Data Subject Rights: Procedures for handling data subject requests
14. Data Breach Notification: Procedures and timelines for reporting data breaches
15. Audit Rights: Controller's rights to audit and verify compliance
16. Data Return and Deletion: Obligations regarding data handling upon agreement termination
17. Liability and Indemnification: Allocation of responsibilities and liability between parties
18. Governing Law and Jurisdiction: Specification of German law application and jurisdiction
1. International Data Transfers: Required when personal data will be transferred outside the EU/EEA
2. Special Categories of Personal Data: Required when processing sensitive data under GDPR Article 9
3. Industry-Specific Requirements: Include when specific industry regulations apply (e.g., healthcare, financial services)
4. Data Protection Impact Assessment: Required when processing is likely to result in high risk to individuals
5. Joint Controller Provisions: Include when parties act as joint controllers rather than controller-processor
6. Insurance Requirements: Specific insurance obligations for high-risk processing activities
7. Service Level Agreement: Performance metrics and standards for processing activities
1. Schedule 1 - Processing Activities: Detailed description of all processing activities, including purposes, categories of data, and retention periods
2. Schedule 2 - Technical and Organizational Measures: Detailed security measures implemented by the processor
3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities
4. Schedule 4 - Transfer Mechanisms: Details of international transfer mechanisms if applicable
5. Schedule 5 - Contact Details: Key contacts for data protection matters, including DPO details
6. Appendix A - Standard Contractual Clauses: EU SCCs for international transfers if applicable
7. Appendix B - Security Breach Response Plan: Detailed procedures for handling and reporting data breaches
8. Appendix C - Audit Procedures: Detailed procedures for conducting compliance audits
Find the exact document you need
Intra Group Agreement Data Protection
German law-governed data protection agreement regulating personal data processing between group companies, ensuring GDPR and BDSG compliance.
Download
Data Privacy Agreement
A German law-governed agreement establishing terms for personal data processing between controller and processor, ensuring GDPR and BDSG compliance.
Download
Joint Controller Data Processing Agreement
German law-governed agreement establishing responsibilities between joint controllers under GDPR Article 26 and BDSG requirements.
Download
Controller To Controller Agreement GDPR
A German law-governed agreement establishing data sharing terms between two controllers under GDPR compliance requirements.
Download
Data Controller DPA
German law-governed Data Processing Agreement establishing terms for personal data processing under GDPR and BDSG requirements.
Download
Proprietary Data Protection Agreement
A German law-governed agreement for protecting proprietary data and ensuring compliance with GDPR, BDSG, and German Trade Secrets Act requirements.
Download
Master Data Protection Agreement
A German law-governed data processing agreement establishing GDPR and BDSG-compliant terms between data controller and processor.
Download
Commissioned Data Processing Agreement
A German law-governed agreement between a data controller and processor establishing terms for GDPR-compliant personal data processing.
Download
Supplier Data Processing Agreement
A German law-governed data processing agreement between controller and processor, ensuring GDPR and BDSG compliance for supplier relationships involving personal data processing.
Download
Data Protection Agreement For Employees
A German law-governed agreement establishing data protection rules between employer and employee under GDPR and BDSG requirements.
Download
Data Privacy Addendum
A German law-governed addendum establishing data protection obligations and responsibilities under GDPR and BDSG requirements.
Download
Non Disclosure Agreement Data Protection
German-law governed NDA incorporating GDPR and BDSG data protection requirements for protecting both confidential information and personal data.
Download
Data Protection Addendum
A German law-governed agreement establishing data processing terms between controllers and processors, ensuring compliance with GDPR and German data protection requirements.
Download
Confidentiality Agreement Data Protection
German law-governed Confidentiality Agreement with integrated GDPR and data protection provisions for secure handling of confidential information and personal data.
Download
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
.png)