The Supplier Data Processing Agreement is essential when an organization (controller) engages a supplier (processor) to process personal data on its behalf. This agreement, governed by English and Welsh law, is required under Article 28 of the UK GDPR and must be in place before any data processing begins. It defines the scope of processing, security requirements, confidentiality obligations, and procedures for handling data breaches. The agreement is particularly crucial in ensuring compliance with data protection regulations and establishing clear accountability between parties.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership of your docs
1. Parties: Identification of the data controller and data processor
2. Background: Context of the processing relationship and purpose of the agreement
3. Definitions: Key terms used throughout the agreement, including GDPR-specific terminology
4. Processor Obligations: Core obligations of the data processor under GDPR Article 28, including processing only on documented instructions
5. Security Measures: Technical and organizational measures required for data protection
6. Sub-processing: Rules and permissions regarding use of sub-processors
7. Data Breach Notification: Procedures for handling and reporting data breaches
8. Term and Termination: Duration of the agreement and termination provisions
1. International Transfers: Provisions for data transfers outside the UK, including transfer mechanisms and safeguards
2. Sector-Specific Compliance: Additional requirements for specific regulated industries such as healthcare or financial services
3. Audit Rights: Enhanced audit provisions for controller oversight and compliance verification
1. Schedule 1 - Description of Processing: Details of processing activities, categories of data subjects, types of personal data, and processing purposes
2. Schedule 2 - Technical and Organizational Measures: Detailed security measures implemented by the processor to ensure appropriate data protection
3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities
4. Schedule 4 - Transfer Mechanisms: International data transfer agreements or Standard Contractual Clauses if applicable
Find the exact document you need
Standard Data Processing Agreement
An England & Wales agreement outlining data processing responsibilities under UK GDPR and Data Protection Act 2018.
Download
Order Data Processing Agreement
An England & Wales legal agreement detailing data processing terms between a data controller and processor.
Download
Dpia Agreement
An England & Wales contract outlining third-party distribution rights, ensuring compliance with competition laws and brand standards.
Download
Dpa Legal Agreement
An England & Wales legal agreement outlining supplier-distributor relationships, including territorial rights and compliance standards.
Download
Data Processing Addendum
An England & Wales agreement appointing a distributor for pharmaceutical products, ensuring regulatory compliance and product integrity.
Download
Data Agreement
An England & Wales agreement outlining distributor rights and obligations for food product handling and compliance.
Download
Data Addendum
An England & Wales contract defining supplier-distributor relationships, covering exclusivity, territory, and compliance with competition law.
Download
Dpa Addendum
A UK-law compliant addendum defining data processing obligations between controllers and processors under GDPR and DPA 2018.
Download
Joint Data Controller Agreement
A legally binding agreement under English and Welsh law that establishes responsibilities between organizations jointly controlling personal data processing.
Download
Third Party Processor Agreement
A legally binding agreement under English and Welsh law governing the processing of personal data by a third party on behalf of a data controller.
Download
Personal Data Collection Agreement
A legally binding agreement under English and Welsh law governing the collection and processing of personal data in compliance with UK GDPR and related legislation.
Download
International Data Protection Agreement
A legally binding agreement under English and Welsh law governing international personal data processing and transfer arrangements between controllers and processors.
Download
Data Sharing Agreement Controller To Processor
A legally binding agreement under English and Welsh law establishing terms for data processing between a controller and processor, ensuring UK GDPR compliance.
Download
Processor To Processor Dpa
A legal agreement under English and Welsh law governing data processing arrangements between two processors, ensuring UK GDPR compliance.
Download
Master Data Protection Agreement
A legal agreement under English and Welsh law governing the processing of personal data between organizations, ensuring compliance with UK data protection regulations.
Download
Intra Group Data Transfer Agreement
A UK law-governed agreement regulating personal data transfers between entities within the same corporate group, ensuring compliance with UK data protection regulations.
Download
Data Management Agreement
A legal agreement under English and Welsh law governing the terms of data handling and processing between parties, ensuring compliance with UK data protection regulations.
Download
Data Controller To Data Controller Agreement
An English law agreement governing personal data sharing between two independent data controllers, ensuring UK GDPR compliance.
Download
Commissioned Data Processing Agreement
A legal agreement under English and Welsh law governing the processing of personal data between a controller and processor, ensuring UK GDPR compliance.
Download
Controller To Controller Dpa
A legal agreement under English and Welsh law governing personal data sharing between two independent data controllers, ensuring UK GDPR compliance.
Download
Dpa Agreement
A legally binding agreement under English and Welsh law that governs the processing of personal data between a controller and processor, ensuring UK GDPR compliance.
Download
Third Party Data Processing Agreement
An English law agreement governing the processing of personal data between a controller and processor under UK GDPR requirements.
Download
Data Transfer Addendum
A legal document under English and Welsh law that governs the transfer of personal data between organizations in compliance with UK data protection regulations.
Download
Supplier Data Processing Agreement
A legal agreement under English and Welsh law governing personal data processing arrangements between controllers and processors, ensuring UK GDPR compliance.
Download
Personal Data Transfer Agreement
An England and Wales law-governed agreement establishing terms for compliant transfer of personal data between organizations under UK data protection regulations.
Download
Controller Processor Agreement
A legal agreement under English and Welsh law governing the relationship between data controllers and processors, ensuring compliance with UK data protection requirements.
Download
Order Processing Agreement
A legal agreement under English and Welsh law governing the processing of orders and associated data, ensuring compliance with UK data protection regulations.
Download
Data Protection Agreement For Employees
A legally binding agreement under English and Welsh law governing the processing and protection of employee personal data in compliance with UK data protection legislation.
Download
Affiliate Addendum
A supplementary legal document under English and Welsh law that modifies existing affiliate agreements, outlining additional terms and conditions for affiliate marketing relationships.
Download
Sub Processing Agreement
An English law agreement governing the relationship between a processor and sub-processor for personal data processing activities.
Download
Data Protection Addendum
A legal document under English and Welsh law that establishes data protection obligations between parties processing personal data in compliance with UK GDPR.
Download
Data Transfer Agreement
A legal agreement under English and Welsh law governing the transfer of personal data between organizations, ensuring compliance with UK data protection regulations.
Download
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
.png)