The Commissioned Data Processing Agreement is essential for organizations operating in India that outsource the processing of personal data to third parties. This document is required under Indian data protection laws, particularly the IT Act and DPDP Act 2023, when a data controller engages a data processor to handle personal data on their behalf. The agreement defines the scope of processing activities, establishes security and confidentiality requirements, outlines compliance obligations, and allocates responsibilities between parties. It includes specific provisions required by Indian law, such as data localization requirements for certain types of data, mandatory security measures, and breach notification obligations. This agreement is particularly crucial given India's position as a global hub for data processing services and the increasing focus on data protection compliance.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership聽of your docs
Alternatively...
1. Parties: Identification of the Data Controller and Data Processor, including registered addresses and company details
2. Background: Context of the agreement, relationship between parties, and purpose of data processing
3. Definitions: Definitions of key terms used in the agreement, aligned with Indian data protection laws
4. Scope and Purpose of Processing: Detailed description of the data processing activities, types of data, and processing purposes
5. Obligations of the Data Processor: Core responsibilities including processing only on documented instructions, confidentiality, security measures
6. Obligations of the Data Controller: Responsibilities including lawful basis for processing, accuracy of data, providing clear instructions
7. Security Measures: Technical and organizational measures required to ensure data security as per Indian regulations
8. Confidentiality: Confidentiality obligations and measures to ensure staff compliance
9. Sub-processing: Conditions and requirements for engaging sub-processors
10. Data Subject Rights: Procedures for handling data subject requests and assistance to the controller
11. Data Breach Notification: Procedures and timelines for reporting data breaches as per Indian law
12. Audit Rights: Controller's right to audit and processor's obligation to demonstrate compliance
13. Liability and Indemnification: Allocation of liability and indemnification obligations
14. Term and Termination: Duration of agreement, termination conditions, and data handling post-termination
15. Governing Law and Jurisdiction: Specification of Indian law as governing law and jurisdiction for disputes
1. International Data Transfers: Required when data processing involves transfer outside India, addressing compliance with cross-border data transfer requirements
2. Data Localization: Required for processing of sensitive data or when dealing with specific sectors like banking that have data localization requirements
3. Business Continuity and Disaster Recovery: Optional section for critical processing activities requiring specific recovery measures
4. Insurance Requirements: Optional section specifying insurance coverage requirements for data processing activities
5. Change Control Procedure: Optional section for complex processing arrangements requiring formal procedures for changes to processing activities
6. Service Level Agreement: Optional section for processing activities with specific performance requirements
7. Exit Management: Detailed procedures for transition of services, required for complex processing arrangements
1. Schedule 1 - Processing Activities: Detailed description of processing activities, including data types, purposes, and duration
2. Schedule 2 - Security Measures: Detailed technical and organizational security measures implemented by the processor
3. Schedule 3 - Approved Sub-processors: List of approved sub-processors and their processing activities
4. Schedule 4 - Data Transfer Mechanisms: Details of mechanisms used for any international data transfers
5. Schedule 5 - Contact Details and Escalation Matrix: Contact information for key personnel and escalation procedures
6. Schedule 6 - Fees and Payment Terms: Commercial terms and payment details for processing services
7. Appendix A - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches
8. Appendix B - Audit Procedures: Detailed procedures for conducting audits and assessments
Authors
Find the document you need
Pre Negotiation Agreement
An Indian law-governed agreement establishing confidentiality and framework for business negotiations, with binding and non-binding elements.
Download
Controller To Controller Agreement
An Indian law-governed agreement establishing terms for personal data sharing between independent data controllers, ensuring compliance with DPDP Act 2023.
Download
Joint Controller Data Processing Agreement
An Indian law-compliant agreement establishing roles and responsibilities between joint controllers for personal data processing activities.
Download
Data Addendum
An Indian law-governed document that sets out data processing terms and compliance requirements under Indian data protection legislation.
Download
International Data Protection Agreement
An Indian law-governed agreement regulating international personal data transfers and processing, ensuring compliance with India's data protection regulations.
Download
Intra Group Data Transfer Agreement
A comprehensive agreement governing intra-group data transfers in India, ensuring compliance with Indian data protection laws and establishing data handling protocols between group entities.
Download
Data Controller To Data Controller Agreement
An Indian law-governed agreement establishing terms for personal data sharing between two independent data controllers, ensuring compliance with Indian data protection regulations.
Download
Commissioned Data Processing Agreement
An Indian law-governed agreement establishing terms for commissioned data processing, ensuring compliance with Indian data protection regulations.
Download
Intercompany Data Processing Agreement
An Indian law-governed agreement regulating intra-group personal data processing activities, ensuring compliance with Indian data protection regulations.
Download
DPA Agreement
An Indian law-compliant agreement governing the processing of personal data between a controller and processor, ensuring compliance with the Digital Personal Data Protection Act, 2023.
Download
Data Transfer Addendum
A legal addendum governing data transfers under Indian law, ensuring compliance with the DPDP Act 2023 and establishing data protection requirements between parties.
Download
Personal Data Protection Agreement
Indian law-compliant Personal Data Protection Agreement governing the processing of personal data between parties under DPDP Act 2023.
Download
Data Protection Agreement For Employees
An India-compliant agreement governing the protection and processing of employee personal data under Indian data protection laws.
Download
Affiliate Addendum
An India-compliant addendum governing affiliate marketing relationships, specifying commission structures and regulatory compliance requirements under Indian law.
Download
Data Privacy Addendum
An Indian law-compliant addendum governing personal data processing and protection obligations between contracting parties.
Download
Sub Processing Agreement
An Indian law-compliant agreement governing data handling between a processor and sub-processor, ensuring adherence to Indian data protection regulations.
Download
International Data Transfer Agreement
An Indian law-governed agreement for secure and compliant international transfer of personal data, ensuring adherence to the Digital Personal Data Protection Act, 2023.
Download
Data Protection Addendum
A legal document under Indian law that sets out data protection obligations and requirements between parties handling personal data, ensuring compliance with the DPDP Act 2023.
Download
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your data is private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
