The Personal Data Agreement is essential for organizations operating under Irish jurisdiction that process personal data, either as controllers or processors. This document is required under Article 28 of the GDPR and the Irish Data Protection Act 2018 whenever one organization processes personal data on behalf of another. It sets out specific obligations regarding data security, confidentiality, sub-processing, and international transfers, while ensuring compliance with Irish and EU data protection requirements. The agreement is particularly crucial following the Schrems II decision and updated requirements for international data transfers. It should be implemented before any data processing activities commence and must reflect specific technical and organizational measures appropriate to the processing activities involved.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership聽of your docs
1. Parties: Identification of the data controller and data processor (or joint controllers), including full legal names, registration numbers, and registered addresses
2. Background: Context of the agreement, relationship between the parties, and purpose of the data processing activities
3. Definitions: Definitions of key terms used in the agreement, including GDPR-specific terminology
4. Scope and Purpose of Processing: Detailed description of the personal data to be processed and the specific purposes for processing
5. Duration of Processing: Timeframe for the data processing activities and the agreement's term
6. Nature and Categories of Personal Data: Specification of the types of personal data being processed and categories of data subjects
7. Obligations of the Data Processor: Processor's commitments including security measures, confidentiality, sub-processing rules, and assistance obligations
8. Rights and Obligations of the Data Controller: Controller's responsibilities, including instructions for processing and monitoring rights
9. Data Subject Rights: Procedures for handling data subject requests and ensuring data subject rights
10. Data Security: Security measures required to protect personal data during processing
11. Data Breach Notification: Procedures and timeframes for reporting and handling personal data breaches
12. Audit Rights: Controller's rights to audit the processor's compliance and processor's obligations to demonstrate compliance
13. Liability and Indemnities: Allocation of liability between parties and indemnification provisions
14. Termination: Conditions for termination and obligations regarding data return or deletion
15. Governing Law and Jurisdiction: Specification of Irish law as governing law and jurisdiction for disputes
1. International Data Transfers: Required when personal data will be transferred outside the EEA, specifying transfer mechanisms and safeguards
2. Sub-processing: Detailed rules for engaging sub-processors, required when the processor intends to use other processors
3. Joint Controller Arrangements: Required when parties are acting as joint controllers, specifying respective responsibilities
4. Special Categories of Personal Data: Additional safeguards required when processing sensitive personal data
5. Data Protection Impact Assessment: Procedures for conducting DPIAs when required by the processing activities
6. Insurance Requirements: Specific insurance obligations for data protection risks
7. Business Continuity and Disaster Recovery: Required for critical processing activities or large-scale processing
1. Schedule 1 - Processing Activities: Detailed description of processing activities, including categories of data, purposes, and processing operations
2. Schedule 2 - Technical and Organizational Measures: Specific security measures and controls implemented to protect personal data
3. Schedule 3 - Approved Sub-processors: List of authorized sub-processors and their processing activities
4. Schedule 4 - Transfer Mechanisms: Details of international transfer mechanisms, including Standard Contractual Clauses if applicable
5. Schedule 5 - Contact Points: Key contacts for data protection matters, breach notification, and data subject requests
6. Appendix A - Data Subject Request Procedure: Detailed procedures for handling data subject rights requests
7. Appendix B - Data Breach Response Plan: Step-by-step protocol for responding to and reporting data breaches
Find the exact document you need
Data Privacy Agreement
An Irish law-governed Data Privacy Agreement ensuring GDPR compliance and establishing data processing responsibilities between parties.
Download
Personal Data Agreement
An Irish law-governed agreement establishing terms for personal data processing in compliance with GDPR and Irish data protection legislation.
Download
Joint Controller Data Sharing Agreement
An Irish law agreement establishing responsibilities and obligations between joint controllers for shared personal data processing under GDPR.
Download
Data Controller DPA
An Irish law-governed agreement setting out terms for processing personal data under GDPR, establishing controller-processor relationships and compliance obligations.
Download
Joint Data Controller Agreement
An Irish law-governed agreement establishing responsibilities and obligations between joint data controllers under GDPR and Irish data protection legislation.
Download
Supplier Data Processing Agreement
An Irish law-governed agreement establishing data processing terms between a company and supplier, ensuring GDPR compliance and data protection standards.
Download
Data Protection Addendum
An Irish law-governed Data Protection Addendum establishing GDPR-compliant terms for personal data processing between parties.
Download
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it