1. Parties: Identification of the controller and processor, including full legal names, registration details, and registered addresses
2. Background: Context of the agreement, relationship between parties, and purpose of the processing activities
3. Definitions: Key terms used in the agreement, including GDPR-specific terminology and business-specific terms
4. Scope and Purpose of Processing: Detailed description of the processing activities, categories of data, and purposes of processing
5. Duration of Processing: Term of the agreement and processing activities, including conditions for termination
6. Obligations of the Processor: Core processor obligations under GDPR Article 28, including processing only on documented instructions
7. Confidentiality: Confidentiality obligations for the processor and their staff regarding personal data
8. Security Measures: Technical and organizational measures required to ensure appropriate security of processing
9. Sub-processing: Conditions and requirements for engaging sub-processors, including authorization process
10. Data Subject Rights: Processor's obligations to assist the controller in responding to data subject requests
11. Personal Data Breach: Notification requirements and procedures in case of data breaches
12. Audit Rights: Controller's rights to audit and processor's obligations to demonstrate compliance
13. Data Protection Impact Assessments: Processor's obligation to assist with DPIAs where required
14. Return or Deletion of Data: Obligations regarding data handling upon termination of services
15. Liability and Indemnities: Allocation of liability and indemnification provisions
16. Governing Law and Jurisdiction: Specification of Irish law as governing law and jurisdiction for disputes
