Service Provider Data Processing Addendum

Privacy Compliance Updated 18 June 2018

  • $1,320.00

Our Data Processing Addendum is designed to help service providers and other organisations providing service providers to clarify with their customers how the parties will approach data breaches and compliance with the processor/controller relationship that may apply to them for the purposes of the EU General Data Protection Regulation (GDPR).It also includes a Schedule for addressing data breaches of jointly held personal information for the purposes of the Australian Notifiable Data Breaches Scheme.

What this document includes

Using DocuStream you can generate a Data Processing Addendum between a Service Provider and its customers, which includes:

  • The parties' agreement as to how long the service provider can process the customer's personal data for;
  • A commitment by each party to comply with applicable Data Protection Laws;
  • ​The parties' agreement to cooperate to assist with compliance matters;
  • ​What is to occur at the end of the agreement - in relation to the return and destruction of personal data;
  • ​How the parties will approach the data breaches involving personal data jointly held by them;
  • Clauses making it clear that the customer remains responsible for ensuring that the data it provides to the service provider for procressing has all necessary consents, authorisations and approvals, and what occurs when they are revoked;
  • A clause making it clear what the customer's instructions are to the service provider for the processing of personal data under the GDPR;
  • ​A description of whose personal data will be processed by the service provider;
  • ​A list of the different types of personal data that will be processed by the services;
  • A list of technical and organisational security processes and procedures that will be implemented by the service provider to protect personal data; 
  • ​Commitments around subprocessing and international transfers by the service provider in line with the requirements of the GDPR;
  • ​An agreed position on how data breaches will be addressed for the purposes of the NDB Scheme;​
  • A separate position on how data breaches will be addressed for the purposes of the GDPR;
  • ​Commitments around providing data subjects with access to their data, the right to data portability, the right to withdraw consent, the right to restrict processing and other rights granted to data subjects pursuant to the GDPR

Common questions

When does the Notifiable Data Breaches Scheme come into effect?

It already has. It came into effect on 22 February 2018.

When did the GDPR come into effect?

25 May 2018.

How much free legal advice does this template come with?

This template comes with 15 minutes of free telephone legal advice from Arnotts Technology Lawyers. During this time, Arnotts will answer any questions they can about the template, to the extent possible within the 15 minutes allocated.

Why Use DocuStream?

  • Quick and easy
  • Customisable
  • Comes with free legal advice
  • Download in Microsoft Word format
  • Apply your own branding
  • Comes with 1 year of free updates
Buy Now

Download Sample

Need help selecting a template?

Call us on

02 8238 6989

Related Documents

Related Blog Articles