A Data Processing Agreement (DPA) is a legally binding contract that is mandatory under South African law when one organization (the data processor) processes personal information on behalf of another organization (the data controller). This document type is specifically required by the Protection of Personal Information Act (POPIA) and must be in place before any processing of personal information begins. The DPA Agreement includes essential provisions such as the scope of processing, security measures, confidentiality obligations, and procedures for handling data breaches. It's particularly crucial for compliance with South African data protection regulations and may also need to consider international standards when dealing with cross-border data transfers. The agreement serves as a critical tool for ensuring accountability and establishing clear responsibilities in data processing relationships.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership聽of your docs
1. Parties: Identification of the data controller and data processor, including their registered details and representatives
2. Background: Context of the agreement and relationship between the parties
3. Definitions: Definitions of key terms used in the agreement, aligned with POPIA definitions
4. Scope and Purpose: Details of the specific processing activities covered by the agreement
5. Duration: Term of the agreement and processing activities
6. Nature and Purpose of Processing: Detailed description of how and why personal information will be processed
7. Obligations of the Data Processor: Core responsibilities of the processor including security, confidentiality, and processing limitations
8. Obligations of the Data Controller: Responsibilities of the controller including lawful instructions and compliance with POPIA
9. Security Measures: Required technical and organizational security measures
10. Sub-processing: Rules and restrictions regarding the use of sub-processors
11. Data Subject Rights: Procedures for handling data subject requests and ensuring their rights
12. Data Breaches: Notification requirements and procedures for handling data breaches
13. Audit Rights: Controller's rights to audit processor's compliance
14. Data Return and Deletion: Obligations regarding data handling upon agreement termination
15. Liability and Indemnities: Allocation of risks and responsibilities between parties
16. General Provisions: Standard contractual terms including governing law, jurisdiction, and amendment procedures
1. Cross-border Data Transfers: Required when personal information will be transferred outside South Africa
2. Special Personal Information: Additional requirements when processing special categories of personal information under POPIA
3. Direct Marketing: Specific provisions required when processing involves direct marketing activities
4. Automated Decision Making: Required when processing involves automated decision-making or profiling
5. Children's Data: Special provisions required when processing personal information of children
6. Insurance Requirements: Specific insurance obligations for high-risk processing activities
7. Business Continuity: Required for critical processing activities requiring business continuity guarantees
1. Schedule 1 - Processing Activities: Detailed description of all processing activities, including categories of data subjects and personal information
2. Schedule 2 - Technical and Organizational Measures: Specific security measures and controls implemented by the processor
3. Schedule 3 - Approved Sub-processors: List of authorized sub-processors and their processing activities
4. Schedule 4 - Transfer Mechanisms: Details of mechanisms used for lawful cross-border data transfers
5. Schedule 5 - Contact Details: Contact information for key personnel and data protection officers
6. Schedule 6 - Service Level Agreement: Performance metrics and service levels for processing activities
7. Appendix A - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches
Find the exact document you need
International Data Transfer Addendum
A South African law-compliant addendum governing international transfers of personal information under POPIA requirements.
Download
Intra Group Data Processing Agreement
A South African law-governed agreement regulating personal information processing between entities within the same corporate group, ensuring POPIA compliance.
Download
Third Party Processing Agreement
A South African law-governed agreement regulating personal information processing between a responsible party and an operator under POPIA.
Download
Data Processing Addendum
A South African law-compliant agreement governing personal information processing between controllers and processors under POPIA.
Download
Intercompany Data Transfer Agreement
South African law-governed agreement regulating intra-group data transfers in compliance with POPIA and local data protection regulations.
Download
Data Management Agreement
A South African law-compliant agreement governing data management and processing activities between organizations, ensuring POPIA compliance and data protection.
Download
Data Controller To Data Controller Agreement
South African POPIA-compliant agreement governing personal information sharing between two data controllers, establishing mutual obligations and responsibilities.
Download
DPA Agreement
A South African law-compliant Data Processing Agreement establishing terms for handling personal information under POPIA regulations.
Download
Third Party Data Processing Agreement
A South African law-compliant agreement governing the processing of personal information by a third-party operator on behalf of a responsible party under POPIA.
Download
Personal Data Transfer Agreement
A POPIA-compliant agreement for transferring personal information between parties under South African law.
Download
Controller Processor Agreement
A South African law-governed agreement between a data controller and processor establishing terms for personal information processing under POPIA.
Download
Affiliate Addendum
A South African law-compliant addendum establishing terms and conditions for affiliate marketing relationships, including commission structures and compliance requirements.
Download
Sub Processing Agreement
A South African-compliant agreement governing the delegation of personal information processing activities to a sub-processor under POPIA requirements.
Download
International Data Transfer Agreement
A South African law-governed agreement for cross-border personal information transfers, ensuring POPIA compliance and data protection standards.
Download
Data Protection Addendum
A South African law-governed addendum establishing POPIA-compliant terms for personal information processing between parties.
Download
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
.png)