On mobile, our contracts display better in landscape mode. Rotate your device for the best viewing experience.
← Return to Menu
🏢

What is the Data Controller's legal name?

The party that determines purposes and means of processing

📍

Controller's registration and contact details

Address and company registration information

🔧

What is the Data Processor's legal name?

The third party processing data on your behalf

📮

Processor's registration and contact details

Address and company registration information

📅

When is the agreement dated?

The official date this DPA comes into effect

⏱️

What is the term of this agreement?

Most DPAs run indefinitely until the service contract ends

♾️
Indefinite
(Until termination)
📆
Fixed Term
(Specific end date)
GDPR Tip: DPAs typically run indefinitely and terminate when the underlying service agreement ends. This ensures continuous GDPR compliance throughout the business relationship.
📋

What is the subject matter of processing?

GDPR Article 28(3) requirement - describe the services provided

GDPR Article 28(3): You must clearly describe what the processor will do with the data. Be specific about the services provided.
⚙️

What is the nature of processing?

Describe the type of processing operations

Examples: Storage, retrieval, analysis, transmission, encryption, deletion, backup, archiving, monitoring, reporting.
🎯

What is the purpose of processing?

Why the processing is necessary

GDPR Tip: Purpose must align with your lawful basis for processing. Be clear and specific.
📊

What types of personal data will be processed?

List all categories of personal data

Be Comprehensive: List ALL data types. This affects data subject rights and breach notification requirements.
👥

Who do the data subjects include?

Categories of people whose data is being processed

Examples: Customers, employees, website visitors, prospective customers, contractors, suppliers, business contacts.
🛡️

What security measures are in place?

GDPR Article 32 - technical and organisational measures

ICO Guidance: Security measures must be appropriate to the risk. Be specific - generic statements are non-compliant.
🔗

Will the processor use sub-processors?

GDPR Article 28(2) requires written authorisation

No Sub-processors
General Authorisation
(with list)
GDPR Requirement: Controller must have opportunity to object before new sub-processors are engaged. 30 days is standard.
🌍

Will data be transferred outside UK/EEA?

GDPR Chapter V requires safeguards for international transfers

🇬🇧
No - All processing
within UK/EEA
✈️
Yes - International
transfers occur
Post-Brexit: UK-EEA transfers don't require additional safeguards. Transfers to US require SCCs/IDTA even under EU-US Data Privacy Framework.
🔍

How much notice for audits?

GDPR Article 28(3)(h) gives controllers right to audit

Balance: 30 days is standard - enough time for processor to prepare, but not so long that compliance issues go undetected.
🗑️

When should data be deleted after termination?

GDPR Article 28(3)(g) requires deletion or return of data

Immediately
📆
30 days
📅
60 days
🗓️
90 days
Best Practice: 30 days allows for transition period while ensuring timely deletion. Immediate deletion may be impractical for complex systems.
⚖️

What is the liability cap?

GDPR Article 82 allows unlimited liability by default

♾️
Unlimited
(GDPR default)
💰
Annual fees paid
to processor
✏️
Custom amount
Important: Liability caps don't apply to ICO fines or data subject compensation claims under GDPR Article 82.
⚖️

Which governing law and jurisdiction?

Choose the UK jurisdiction for this agreement

← Return to Menu

Your DPA is Ready

Review your Data Processing Agreement below

Export to Word for bespoke situations where additional customization or manual editing is required beyond the standard template.

Instant Access

Unlock Your DPA Now

Get instant access to both the Interview Version (this one) and the Editor Version in Word & PDF formats

Interview Version (Guided)
Editor Version (Manual)
Word & PDF Formats
Print Unlimited Copies
Use Forever
30-day money-back guarantee*
£20
One-Time Payment
No subscriptions, ever

Lifetime Access • Editor & Interview formats • Lifetime updates • No subscription

30-Day Money-Back Guarantee

We stand behind every template we sell. If something's technically wrong, we'll make it right.

You're Covered If:

  • File is corrupted or won't open
  • Missing content described on product page
  • Technical errors prevent use as described
  • File format incompatibility that prevents editing

Why you probably won't need this: You can preview the full template with watermark before purchase – so you'll know exactly what you're getting.

Bought the Wrong Template?

Mistakes happen – we get it. Within 30 days, here's how we can help:

Template Swap: We'll cancel your original and issue a different template of equal or lesser value.

Store Credit: Full purchase amount to use on any template. Never expires.

Offered at our discretion for genuine mistakes – we reserve the right to decline repeat or unreasonable requests.

How to Request:

Email [email protected] within 30 days with your order number.

We aim to respond within 2 business days. Approved refunds processed within 5 business days.