This Data Processing Agreement is essential for organizations in Australia that engage third parties to process personal information on their behalf. It is required to comply with the Privacy Act 1988 and Australian Privacy Principles, which mandate appropriate contractual safeguards when sharing personal information with service providers. The agreement should be used whenever an organization (Data Controller) engages another party (Data Processor) to perform any operation on personal information, such as collection, storage, analysis, or transfer. It includes detailed provisions on security measures, breach notification procedures, sub-processing arrangements, and data subject rights, tailored to meet Australian privacy law requirements. This document is particularly crucial given the increasing regulatory focus on data protection and the significant penalties for privacy breaches under Australian law.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership of your docs
Alternatively...
1. Parties: Identification of the Data Controller and Data Processor, including full legal names, registration numbers, and registered addresses
2. Background: Context of the agreement, relationship between parties, and purpose of the data processing activities
3. Definitions: Key terms used throughout the agreement, including 'Personal Data', 'Processing', 'Data Subject', 'Controller', 'Processor', etc.
4. Scope and Purpose of Processing: Detailed description of the data processing activities, types of data involved, and permitted purposes
5. Duration: Term of the agreement and conditions for termination
6. Obligations of the Data Processor: Core responsibilities including processing only on documented instructions, ensuring confidentiality, implementing security measures
7. Obligations of the Data Controller: Responsibilities including providing lawful instructions, ensuring legal basis for processing
8. Security Measures: Technical and organizational measures required to protect personal data
9. Sub-processing: Conditions and requirements for engaging sub-processors
10. Data Breach Notification: Procedures for handling and reporting data breaches
11. Audit Rights: Controller's rights to audit and processor's obligations to demonstrate compliance
12. Data Subject Rights: Processor's assistance in responding to data subject requests
13. Return or Deletion of Data: Requirements for data handling upon agreement termination
14. Liability and Indemnities: Allocation of risks and responsibilities between parties
15. General Provisions: Standard contractual terms including governing law, jurisdiction, and amendment procedures
1. Cross-border Data Transfers: Required when personal data will be transferred outside Australia, specifying transfer mechanisms and safeguards
2. Special Categories of Data: Required when processing sensitive information as defined in the Privacy Act
3. Data Protection Impact Assessment: Required when processing is likely to result in high risk to individuals
4. Industry-Specific Requirements: Required when processing data in regulated sectors (e.g., healthcare, financial services)
5. Government Data Requirements: Required when processing involves government agency data
6. Consumer Data Right Compliance: Required when processing involves CDR data in applicable sectors
1. Description of Processing Activities: Detailed specification of processing activities, categories of data subjects, types of personal data
2. Technical and Organizational Security Measures: Detailed description of security measures implemented by the processor
3. Approved Sub-processors: List of pre-approved sub-processors and their processing activities
4. Data Transfer Mechanisms: Details of mechanisms used for international data transfers if applicable
5. Service Level Agreement: Performance metrics and service levels for data processing activities
6. Fee Schedule: Pricing and payment terms for processing services if applicable
Authors
Find the document you need
No items found.
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your data is private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
