A Commissioned Data Processing Agreement is essential whenever an organization (the controller) engages another party (the processor) to process personal data on its behalf. This agreement is mandatory under UK data protection law and must be in place before processing begins. It defines the scope of processing activities, ensures compliance with UK GDPR and the Data Protection Act 2018, and protects both parties by clearly establishing their respective rights and obligations. The agreement should be used for any business relationship involving the processing of personal data, from cloud services to payroll processing.
Create a bespoke document in minutes, or upload and review your own.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Key Requirements PROMPT example:
Commissioned Data Processing Agreement
"I need a Commissioned Data Processing Agreement for my UK-based software company that will be processing customer data for a retail client, including provisions for cloud storage and automated data analysis, to be effective from March 2025."
Your data doesn't train Genie's AI
You keep IP ownership of your information
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
OR
1. Parties: Identification of the data controller and data processor, including registered addresses
2. Background: Context of the processing relationship and purpose of the agreement
3. Definitions: Key terms used throughout the agreement, including specific data protection terminology
4. Scope and Purpose of Processing: Detailed description of what data will be processed and for what purposes
5. Obligations of the Processor: Core responsibilities and commitments of the data processor under UK GDPR and DPA 2018
6. Instructions and Authority: Parameters within which the processor may act and authorization requirements
7. Security Measures: Required technical and organizational measures to ensure appropriate security
8. Data Breach Procedures: Process for handling and reporting data breaches, including timelines and responsibilities
9. Term and Termination: Duration of the agreement and termination provisions, including data handling upon termination
1. International Transfers: Provisions governing the transfer of personal data outside the UK, including appropriate safeguards and transfer mechanisms
2. Sub-processing: Terms and conditions for appointing sub-processors, including approval requirements and liability
3. Audit Rights: Detailed provisions for controller's rights to audit processor's compliance with data protection obligations
1. Schedule 1: Processing Activities: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes
2. Schedule 2: Technical and Organizational Measures: Comprehensive list of security measures and controls implemented by the processor
3. Schedule 3: Approved Sub-processors: List of pre-approved sub-processors including their locations and processing activities
4. Schedule 4: Transfer Mechanisms: Details of international transfer mechanisms and safeguards for cross-border data transfers
Authors
Relevant legal definitions
Clauses
Relevant Industries
Relevant Teams
Relevant Roles
Find the exact document you need
Standard Data Processing Agreement
An England & Wales agreement outlining data processing responsibilities under UK GDPR and Data Protection Act 2018.
find out more
Order Data Processing Agreement
An England & Wales legal agreement detailing data processing terms between a data controller and processor.
find out more
Dpia Agreement
An England & Wales contract outlining third-party distribution rights, ensuring compliance with competition laws and brand standards.
find out more
Dpa Legal Agreement
An England & Wales legal agreement outlining supplier-distributor relationships, including territorial rights and compliance standards.
find out more
Data Processing Addendum
An England & Wales agreement appointing a distributor for pharmaceutical products, ensuring regulatory compliance and product integrity.
find out more
Data Agreement
An England & Wales agreement outlining distributor rights and obligations for food product handling and compliance.
find out more
Data Addendum
An England & Wales contract defining supplier-distributor relationships, covering exclusivity, territory, and compliance with competition law.
find out more
Dpa Addendum
A UK-law compliant addendum defining data processing obligations between controllers and processors under GDPR and DPA 2018.
find out more
Joint Data Controller Agreement
A legally binding agreement under English and Welsh law that establishes responsibilities between organizations jointly controlling personal data processing.
find out more
Third Party Processor Agreement
A legally binding agreement under English and Welsh law governing the processing of personal data by a third party on behalf of a data controller.
find out more
Personal Data Collection Agreement
A legally binding agreement under English and Welsh law governing the collection and processing of personal data in compliance with UK GDPR and related legislation.
find out more
International Data Protection Agreement
A legally binding agreement under English and Welsh law governing international personal data processing and transfer arrangements between controllers and processors.
find out more
Data Sharing Agreement Controller To Processor
A legally binding agreement under English and Welsh law establishing terms for data processing between a controller and processor, ensuring UK GDPR compliance.
find out more
Processor To Processor Dpa
A legal agreement under English and Welsh law governing data processing arrangements between two processors, ensuring UK GDPR compliance.
find out more
Master Data Protection Agreement
A legal agreement under English and Welsh law governing the processing of personal data between organizations, ensuring compliance with UK data protection regulations.
find out more
Intra Group Data Transfer Agreement
A UK law-governed agreement regulating personal data transfers between entities within the same corporate group, ensuring compliance with UK data protection regulations.
find out more
Data Management Agreement
A legal agreement under English and Welsh law governing the terms of data handling and processing between parties, ensuring compliance with UK data protection regulations.
find out more
Data Controller To Data Controller Agreement
An English law agreement governing personal data sharing between two independent data controllers, ensuring UK GDPR compliance.
find out more
Commissioned Data Processing Agreement
A legal agreement under English and Welsh law governing the processing of personal data between a controller and processor, ensuring UK GDPR compliance.
find out more
Controller To Controller Dpa
A legal agreement under English and Welsh law governing personal data sharing between two independent data controllers, ensuring UK GDPR compliance.
find out more
Dpa Agreement
A legally binding agreement under English and Welsh law that governs the processing of personal data between a controller and processor, ensuring UK GDPR compliance.
find out more
Third Party Data Processing Agreement
An English law agreement governing the processing of personal data between a controller and processor under UK GDPR requirements.
find out more
Data Transfer Addendum
A legal document under English and Welsh law that governs the transfer of personal data between organizations in compliance with UK data protection regulations.
find out more
Supplier Data Processing Agreement
A legal agreement under English and Welsh law governing personal data processing arrangements between controllers and processors, ensuring UK GDPR compliance.
find out more
Personal Data Transfer Agreement
An England and Wales law-governed agreement establishing terms for compliant transfer of personal data between organizations under UK data protection regulations.
find out more
Controller Processor Agreement
A legal agreement under English and Welsh law governing the relationship between data controllers and processors, ensuring compliance with UK data protection requirements.
find out more
Order Processing Agreement
A legal agreement under English and Welsh law governing the processing of orders and associated data, ensuring compliance with UK data protection regulations.
find out more
Data Protection Agreement For Employees
A legally binding agreement under English and Welsh law governing the processing and protection of employee personal data in compliance with UK data protection legislation.
find out more
Affiliate Addendum
A supplementary legal document under English and Welsh law that modifies existing affiliate agreements, outlining additional terms and conditions for affiliate marketing relationships.
find out more
Sub Processing Agreement
An English law agreement governing the relationship between a processor and sub-processor for personal data processing activities.
find out more
Data Protection Addendum
A legal document under English and Welsh law that establishes data protection obligations between parties processing personal data in compliance with UK GDPR.
find out more
Data Transfer Agreement
A legal agreement under English and Welsh law governing the transfer of personal data between organizations, ensuring compliance with UK data protection regulations.
find out more
³Ò±ð²Ô¾±±ð’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ³Ò±ð²Ô¾±±ð’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.