This Data Processing Agreement (DPA) is essential for organizations operating in the UAE that engage third parties to process personal data on their behalf. The document is required under UAE Federal Decree-Law No. 45/2021 and must be implemented when a data controller outsources any processing of personal data to a data processor. The agreement sets out specific obligations for both parties, ensuring compliance with UAE data protection requirements, including those specific to free zones like DIFC and ADGM. It covers crucial aspects such as security measures, data breach protocols, cross-border transfers, and sub-processing arrangements. This DPA is particularly important given the UAE's increasing focus on data protection and privacy rights, with significant penalties for non-compliance.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership聽of your docs
Alternatively...
1. Parties: Identification of the data controller and data processor, including their registered addresses and authorized representatives
2. Background: Context of the agreement, relationship between parties, and purpose of data processing activities
3. Definitions: Key terms used in the agreement, aligned with UAE Federal Decree-Law No. 45/2021 definitions
4. Scope and Purpose of Processing: Detailed description of the data processing activities, categories of data subjects, and types of personal data
5. Obligations of the Data Processor: Core responsibilities of the processor including processing only on documented instructions, confidentiality, security measures
6. Obligations of the Data Controller: Responsibilities of the controller including lawful basis for processing, providing documented instructions
7. Technical and Organizational Measures: Security measures required to protect personal data as per UAE law
8. Sub-processing: Conditions and requirements for engaging sub-processors
9. Data Subject Rights: Procedures for handling data subject requests and processor's assistance obligations
10. Personal Data Breach: Breach notification procedures and timeline requirements under UAE law
11. Data Protection Impact Assessments: Cooperation requirements for impact assessments and prior consultations
12. Term and Termination: Duration of the agreement and termination provisions
13. Return or Deletion of Data: Obligations regarding personal data upon termination of services
14. Audit Rights: Controller's audit rights and processor's obligations to demonstrate compliance
15. Governing Law and Jurisdiction: Specification of UAE law as governing law and jurisdiction for disputes
1. Cross-border Data Transfers: Required when personal data will be transferred outside the UAE, including mechanisms for ensuring adequate protection
2. Sector-Specific Requirements: Additional provisions for regulated sectors like healthcare or financial services
3. Free Zone Specific Provisions: Additional requirements when operating within DIFC or ADGM
4. Data Protection Officer: Details of DPO appointments and responsibilities when required by law
5. Insurance Requirements: Specific insurance obligations for data processing activities
6. Business Continuity: Requirements for ensuring continuous data processing capabilities
7. Exit Management: Detailed procedures for transitioning services to another processor
1. Processing Activities Schedule: Detailed description of processing activities, including purposes, categories of data and data subjects
2. Technical and Organizational Measures: Detailed security measures and controls implemented to protect personal data
3. Approved Sub-processors: List of pre-approved sub-processors and their processing activities
4. Data Transfer Mechanisms: Details of mechanisms used for international data transfers if applicable
5. Service Level Agreement: Performance metrics and service levels for data processing activities
6. Fee Schedule: Pricing and payment terms for data processing services
7. Contact Details: Key contacts for both parties including emergency contacts for breach notification
Authors
Find the document you need
No items found.
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your data is private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
