The Commissioned Data Processing Agreement is a mandatory legal instrument required under Article 28 of the GDPR when a company (controller) engages another party (processor) to process personal data on its behalf. This document, governed by Belgian law, establishes the framework for compliant data processing activities, including specific obligations, technical and organizational measures, and liability provisions. It should be used whenever a Belgian company outsources data processing activities or when Belgian law governs the processing relationship. The agreement addresses critical aspects such as data security, breach notification, sub-processor engagement, and international data transfers, while ensuring compliance with both EU-wide GDPR requirements and specific Belgian data protection regulations.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership聽of your docs
1. Parties: Identification of the data controller and data processor, including official registration details as required under Belgian law
2. Background: Context of the processing relationship and brief description of the services requiring data processing
3. Definitions: Definitions of key terms, incorporating GDPR Article 4 definitions and agreement-specific terms
4. Scope and Purpose of Processing: Detailed description of the processing activities, purposes, and types of personal data involved
5. Duration of Processing: Timeframe for the processing activities and relationship between parties
6. Obligations of the Processor: Core processor obligations under GDPR Article 28, including processing only on documented instructions
7. Sub-processing: Conditions and requirements for engaging sub-processors, including authorization process
8. Technical and Organizational Measures: Security measures implemented to ensure appropriate level of data protection
9. Data Subject Rights: Processor's obligations to assist controller in responding to data subject requests
10. Personal Data Breach: Notification requirements and procedures in case of data breaches
11. Audit Rights: Controller's rights to audit and processor's obligations to demonstrate compliance
12. Data Transfer: Rules for international data transfers and required safeguards
13. Confidentiality: Confidentiality obligations regarding processed personal data
14. Liability and Indemnification: Allocation of liability and indemnification obligations between parties
15. Termination: Conditions for termination and data deletion/return obligations
16. Governing Law and Jurisdiction: Specification of Belgian law as governing law and jurisdiction for disputes
1. Special Categories of Personal Data: Additional safeguards for processing sensitive data categories - include when processing special categories under Article 9 GDPR
2. Data Protection Impact Assessment: Processor's obligations to assist with DPIAs - include when processing is likely to result in high risk
3. Joint Controller Provisions: Additional provisions when parties act as joint controllers for certain processing activities
4. Insurance Requirements: Specific insurance obligations - include for high-risk or large-scale processing
5. Business Continuity: Business continuity and disaster recovery requirements - include for critical processing activities
6. Exit Management: Detailed exit management procedures - include for complex processing arrangements
1. Schedule 1 - Processing Activities: Detailed description of processing activities, including data categories, purposes, and processing operations
2. Schedule 2 - Technical and Organizational Measures: Detailed description of security measures implemented by the processor
3. Schedule 3 - Approved Sub-processors: List of approved sub-processors and their processing activities
4. Schedule 4 - Transfer Mechanisms: Details of international transfer mechanisms where applicable
5. Schedule 5 - Security Breach Response Plan: Detailed procedures for handling personal data breaches
6. Appendix A - Contact Points: List of key contacts for operational, security, and breach notification purposes
7. Appendix B - Standard Forms: Standard forms for sub-processor approval, audit requests, and other routine communications
Find the exact document you need
GDPR Intercompany Agreement
A Belgian law-governed GDPR Intercompany Agreement regulating data processing and transfers between group entities in compliance with EU and Belgian data protection requirements.
Download
International Data Transfer Addendum
Belgian law-governed International Data Transfer Addendum ensuring GDPR compliance for cross-border personal data transfers.
Download
Intra Group Data Processing Agreement
Belgian law-governed data processing agreement for intra-group data transfers and processing activities, ensuring GDPR compliance within corporate groups.
Download
Data Processing Agreement Addendum
A Belgian law-governed addendum that establishes GDPR-compliant terms for personal data processing between a controller and processor.
Download
Data Processing Contract
A Belgian law-governed agreement defining terms for processing personal data under GDPR and national data protection requirements.
Download
Personal Data Agreement
Belgian law-governed Personal Data Agreement establishing data processing terms and GDPR compliance requirements between parties.
Download
DPA Legal Agreement
Belgian law-governed Data Processing Agreement establishing GDPR-compliant terms for personal data processing between controller and processor.
Download
Data Processing Addendum
A Belgian law-governed agreement establishing terms for personal data processing between controllers and processors, ensuring compliance with GDPR and Belgian data protection requirements.
Download
Controller To Controller Agreement GDPR
A Belgian law-governed agreement establishing GDPR-compliant data sharing arrangements between independent data controllers.
Download
International Data Protection Agreement
Belgian law-governed agreement for international personal data processing, ensuring GDPR and local law compliance.
Download
Data Management Agreement
A Belgian law-governed agreement establishing data management and processing requirements between parties, ensuring compliance with local and EU data protection regulations.
Download
Commissioned Data Processing Agreement
Belgian law-governed Data Processing Agreement establishing controller-processor relationships in compliance with GDPR and local data protection requirements.
Download
Intercompany Data Processing Agreement
Belgian law-governed agreement regulating personal data processing between affiliated companies within the same corporate group, ensuring GDPR compliance.
Download
Personal Data Transfer Agreement
A Belgian law-governed agreement establishing terms and conditions for transferring personal data between organizations, ensuring GDPR and local law compliance.
Download
Controller Processor Agreement
A Belgian law-governed agreement establishing terms for personal data processing between a controller and processor, complying with GDPR and Belgian Data Protection Act requirements.
Download
Order Processing Agreement
A Belgian law-governed agreement defining terms for personal data processing between controller and processor, ensuring GDPR and local law compliance.
Download
Sub Processing Agreement
A Belgian law-governed agreement establishing terms for sub-processor engagement in data processing activities, ensuring GDPR and local law compliance.
Download
Data Protection Addendum
Belgian law-governed data protection agreement establishing GDPR-compliant processing terms between controller and processor.
Download
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
.png)