The DPA Data Protection Agreement is a crucial legal instrument used when an organization (data controller) engages another party (data processor) to process personal data on its behalf in the Philippines. This document is essential for compliance with the Data Privacy Act of 2012 and its implementing rules, which require formal agreements for data processing activities. The agreement becomes necessary when outsourcing data processing activities, using cloud services, or engaging third-party vendors who will have access to personal data. It outlines specific responsibilities, security measures, confidentiality obligations, and compliance requirements, ensuring both parties understand their roles and obligations under Philippine privacy laws. This document is particularly important given the strict enforcement regime of the National Privacy Commission and the potential penalties for non-compliance with data protection requirements.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership聽of your docs
1. Parties: Identification of the data controller and data processor, including their registered addresses and authorized representatives
2. Background: Context of the agreement, relationship between the parties, and purpose of data processing activities
3. Definitions: Definitions of key terms used in the agreement, aligned with the Data Privacy Act of 2012 definitions
4. Scope and Purpose: Detailed description of the data processing activities covered by the agreement
5. Obligations of the Data Processor: Core responsibilities of the processor including processing limitations, confidentiality, and security measures
6. Obligations of the Data Controller: Responsibilities of the controller including lawful basis for processing and providing clear instructions
7. Security Measures: Technical and organizational measures required to protect personal data
8. Data Breach Notification: Procedures for reporting and handling personal data breaches
9. Audit Rights: Controller's rights to audit processor's compliance and processor's obligations to demonstrate compliance
10. Liability and Indemnification: Allocation of responsibility for data protection violations and indemnification provisions
11. Term and Termination: Duration of the agreement and conditions for termination
12. Return or Deletion of Data: Obligations regarding personal data upon termination of services
13. Governing Law and Jurisdiction: Specification of Philippine law as governing law and jurisdiction for disputes
1. Cross-border Data Transfers: Required when personal data will be transferred outside the Philippines, specifying compliance with cross-border transfer requirements
2. Sub-processors: Include when the data processor may engage sub-processors, specifying requirements for approval and obligations
3. Industry-Specific Requirements: Additional provisions for specific sectors like healthcare, banking, or telecommunications
4. Data Protection Impact Assessment: Include when processing activities require DPIA under Philippine law
5. Insurance Requirements: Specific insurance obligations for data protection risks
6. Force Majeure: Provisions for handling data protection obligations during extraordinary circumstances
1. Schedule 1 - Processing Activities: Detailed description of authorized processing activities, categories of data subjects, and types of personal data
2. Schedule 2 - Technical and Organizational Measures: Specific security measures and controls implemented to protect personal data
3. Schedule 3 - Authorized Sub-processors: List of approved sub-processors and their processing activities, if applicable
4. Schedule 4 - Data Transfer Mechanisms: Details of mechanisms used for international data transfers, if applicable
5. Schedule 5 - Contact Points: List of key contacts for data protection matters, including Data Protection Officers
6. Appendix A - Security Breach Response Plan: Detailed procedures for handling and reporting data breaches
7. Appendix B - Audit Requirements: Specific procedures and requirements for compliance audits
Find the exact document you need
Joint Controller Data Processing Agreement
A Philippine law-compliant agreement establishing responsibilities between joint controllers for personal data processing under the Data Privacy Act.
Download
DPA Data Protection Agreement
A Data Protection Agreement compliant with Philippine privacy laws (RA 10173), governing the relationship between data controllers and processors in handling personal data.
Download
Joint Controller Data Sharing Agreement
A Philippine law-compliant agreement establishing terms and responsibilities between joint controllers for sharing and processing personal data under the Data Privacy Act of 2012.
Download
Confidentiality IP And Data Protection Agreement
A Philippine law-governed agreement combining confidentiality, IP rights, and data protection obligations, ensuring comprehensive protection of sensitive information and compliance with local regulations.
Download
Personal Data Protection Agreement
A legal agreement governing personal data processing and protection under Philippine data privacy laws, establishing rights and obligations for handling personal information.
Download
Confidentiality Agreement Data Protection
Philippine-law governed agreement combining confidentiality obligations with data protection requirements under the Data Privacy Act of 2012.
Download
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
.png)