The Data Processing Agreement Addendum is essential when one organization (the processor) processes personal data on behalf of another organization (the controller) under Belgian jurisdiction. This document is required for GDPR compliance and must be implemented whenever there is processing of personal data by third parties. It supplements existing service agreements by adding specific data protection provisions, ensuring compliance with both EU GDPR and Belgian data protection laws. The addendum details critical aspects such as processing purposes, security requirements, breach notification procedures, and data transfer mechanisms. It becomes particularly important when organizations engage external service providers, cloud services, or any third-party vendors who will have access to or process personal data. The document must align with Belgian legal requirements while maintaining GDPR standards for data protection.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership聽of your docs
1. Parties: Identification of the data controller and data processor, including full legal names and registered addresses
2. Background: Context of the addendum, reference to the main agreement, and purpose of the data processing relationship
3. Definitions: Key terms used in the agreement, including those from GDPR and any additional specific terms
4. Scope and Purpose of Processing: Detailed description of the authorized processing activities and their purposes
5. Duration: Term of the processing activities and relationship to the main agreement's duration
6. Nature and Purpose of Processing: Specific details about how and why the personal data will be processed
7. Processor Obligations: Core obligations of the processor including processing only on documented instructions, confidentiality, security measures, and sub-processor requirements
8. Controller Obligations: Responsibilities and obligations of the controller, including providing documented instructions and ensuring lawful basis for processing
9. Sub-processors: Conditions and requirements for engaging sub-processors, including authorization process
10. International Transfers: Rules and requirements for transferring personal data outside the EEA
11. Security Measures: Overview of technical and organizational security measures required
12. Data Breach Notification: Procedures and timeframes for notifying the controller of any personal data breaches
13. Audit Rights: Controller's rights to audit the processor and processor's obligations to contribute to audits
14. Return or Deletion of Data: Obligations regarding personal data at the end of processing activities
15. Liability and Indemnification: Allocation of responsibility and liability between parties
16. Governing Law and Jurisdiction: Confirmation of Belgian law as governing law and jurisdiction for disputes
1. Costs and Fees: Include when there are specific charging arrangements for processing activities or compliance with data subject rights
2. Insurance Requirements: Include when specific insurance coverage is required for data processing activities
3. Special Categories of Data: Include when processing involves sensitive personal data requiring additional safeguards
4. Data Protection Impact Assessments: Include when processing is likely to result in high risk to individuals
5. Joint Controller Provisions: Include when the relationship includes elements of joint controllership
6. Processor Direct Obligations: Include specific reference to Article 28-36 GDPR obligations when needed for clarity
1. Schedule 1 - Details of Processing: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes
2. Schedule 2 - Technical and Organizational Security Measures: Detailed description of specific security measures implemented by the processor
3. Schedule 3 - Authorized Sub-processors: List of approved sub-processors and their processing activities
4. Schedule 4 - Transfer Mechanisms: Details of mechanisms used for international data transfers (if applicable)
5. Schedule 5 - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches
6. Appendix A - Standard Contractual Clauses: EU Standard Contractual Clauses if required for international transfers
Find the exact document you need
Intra Group Data Processing Agreement
Belgian law-governed data processing agreement for intra-group data transfers and processing activities, ensuring GDPR compliance within corporate groups.
Download
Data Processing Agreement Addendum
A Belgian law-governed addendum that establishes GDPR-compliant terms for personal data processing between a controller and processor.
Download
Data Processing Contract
A Belgian law-governed agreement defining terms for processing personal data under GDPR and national data protection requirements.
Download
Controller To Controller Agreement GDPR
A Belgian law-governed agreement establishing GDPR-compliant data sharing arrangements between independent data controllers.
Download
Controller Processor Agreement
A Belgian law-governed agreement establishing terms for personal data processing between a controller and processor, complying with GDPR and Belgian Data Protection Act requirements.
Download
Sub Processing Agreement
A Belgian law-governed agreement establishing terms for sub-processor engagement in data processing activities, ensuring GDPR and local law compliance.
Download
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it