tiktok���˰�

The Intercompany Data Processing Agreement is essential for corporate groups operating in Belgium who need to establish clear protocols for internal data processing activities. This document is required when one group entity processes personal data on behalf of another entity within the same corporate structure, ensuring compliance with both EU GDPR and Belgian data protection requirements. It becomes particularly relevant during group-wide digital transformation initiatives, shared service center implementations, or when centralizing data processing activities. The agreement covers crucial aspects such as data security measures, breach notification procedures, audit rights, and sub-processing arrangements, while taking into account the specific requirements of Belgian law, including its implementation of EU regulations. This document differs from standard DPAs by accounting for the specific dynamics and relationships within corporate groups while maintaining necessary compliance safeguards.

1. Parties: Identification of the group companies involved, specifying which entity is the data controller and which is the data processor

2. Background: Context of the agreement, relationship between the group companies, and purpose of the data processing activities

3. Definitions: Key terms used in the agreement, including GDPR-specific terminology and company-specific terms

4. Scope and Purpose of Processing: Detailed description of the data processing activities covered by the agreement

5. Duration and Termination: Term of the agreement, renewal provisions, and termination conditions

6. Obligations of the Data Processor: Core processor obligations under GDPR Article 28, including processing only on documented instructions

7. Obligations of the Data Controller: Controller's responsibilities, including providing documented instructions and ensuring lawful basis for processing

8. Security Measures: Technical and organizational measures required to ensure appropriate security of the personal data

9. Sub-processing: Conditions and requirements for engaging sub-processors within or outside the group

10. Data Subject Rights: Procedures for handling data subject requests and processor's assistance obligations

11. Personal Data Breach: Notification requirements and procedures in case of data breaches

12. Audit Rights: Controller's audit rights and processor's obligations to demonstrate compliance

13. Data Protection Impact Assessments: Processor's obligation to assist with DPIAs when required

14. Return or Deletion of Data: Obligations regarding personal data upon termination of services

15. Liability and Indemnities: Allocation of liability between group companies and indemnification provisions

16. Governing Law and Jurisdiction: Specification of Belgian law as governing law and jurisdiction for disputes