The International Data Transfer Agreement is essential for organizations transferring personal data from the Netherlands/EU to countries outside the European Economic Area. It becomes necessary when an organization needs to share personal data with entities in third countries that lack an EU adequacy decision. This agreement is structured to comply with Dutch law, GDPR requirements, and the enhanced obligations following the Schrems II decision. It includes detailed provisions for data protection measures, transfer impact assessments, technical and organizational safeguards, and mechanisms for ensuring continued compliance. The agreement is particularly crucial following increased scrutiny of international data flows and the invalidation of previous transfer mechanisms like the Privacy Shield.
Create a bespoke document in minutes, or upload and review your own.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership聽of your information
Key Requirements PROMPT example:
International Data Transfer Agreement
"I need an International Data Transfer Agreement for transferring customer health records from our Dutch medical research facility to our research partners in Singapore, with enhanced security measures and specific provisions for special categories of personal data, to be implemented by March 2025."
1. Parties: Identification of the data exporter and data importer, including their roles (controller/processor) and full contact details
2. Background: Context of the transfer, relationship between parties, and purpose of the agreement
3. Definitions: Definitions of key terms used in the agreement, aligned with GDPR terminology
4. Scope and Purpose of Processing: Detailed description of the data transfers, categories of data subjects, types of personal data, and processing purposes
5. Duration: Term of the agreement and provisions for termination
6. Data Protection Obligations: Core obligations of both parties regarding data protection, including security measures, confidentiality, and data subject rights
7. Transfer Impact Assessment: Assessment of the transfer risks and implemented safeguards in light of Schrems II requirements
8. Sub-processing: Conditions and requirements for engaging sub-processors
9. Data Subject Rights: Procedures for handling data subject requests and maintaining their rights
10. Data Breach Notification: Procedures and timelines for reporting and handling personal data breaches
11. Audit Rights: Provisions for monitoring compliance and conducting audits
12. Return or Deletion of Data: Obligations regarding data handling upon agreement termination
13. Liability and Indemnification: Allocation of responsibilities and liabilities between parties
14. Governing Law and Jurisdiction: Specification of Dutch law as governing law and jurisdiction for disputes
1. Data Protection Officer Details: Required when either party has appointed a DPO under GDPR Article 37
2. Representatives in the EU: Required when the data importer is not established in the EU
3. Special Categories of Data: Required when sensitive personal data is being transferred
4. Local Law Assessment: Detailed assessment of recipient country laws when transferring to high-risk jurisdictions
5. Joint Controller Provisions: Required when parties are acting as joint controllers rather than controller-processor
6. Specific Security Requirements: Additional security requirements beyond standard measures for highly sensitive data
7. Insurance Requirements: Specific insurance obligations for high-risk transfers
1. Schedule 1 - Transfer Details: Detailed specification of data transfers including data categories, purposes, and frequencies
2. Schedule 2 - Technical and Organizational Measures: Comprehensive description of security measures implemented by both parties
3. Schedule 3 - Sub-processors: List of approved sub-processors and their processing activities
4. Schedule 4 - Transfer Impact Assessment: Detailed assessment of transfer risks and safeguards
5. Schedule 5 - Standard Contractual Clauses: EU Standard Contractual Clauses incorporated into the agreement
6. Appendix 1 - Contact Details: Contact information for key personnel and data protection officers
7. Appendix 2 - Security Breach Response Plan: Detailed procedures for handling and reporting data breaches
Authors
Relevant legal definitions
Clauses
Relevant Industries
Technology
Healthcare
Financial Services
E-commerce
Professional Services
Manufacturing
Education
Telecommunications
Research and Development
Cloud Services
Consulting
Human Resources
Marketing Services
Insurance
Pharmaceuticals
Relevant Teams
Legal
Compliance
Information Security
IT
Data Protection
Risk Management
Procurement
Operations
Information Governance
Privacy Office
Relevant Roles
Data Protection Officer
Privacy Counsel
Legal Counsel
Compliance Manager
Information Security Officer
Chief Technology Officer
Privacy Manager
Chief Information Security Officer
Data Protection Manager
General Counsel
IT Director
Risk Manager
Procurement Manager
Contract Manager
Chief Operations Officer
Find the exact document you need
International Data Transfer Addendum
Dutch law-governed International Data Transfer Addendum for GDPR-compliant personal data transfers from the Netherlands/EU to non-EEA countries.
find out more
Intra Group Data Processing Agreement
Dutch law-governed data processing agreement for intra-group personal data transfers and processing, ensuring GDPR compliance within corporate groups.
find out more
Controller To Controller Agreement
A Dutch law-governed agreement between two data controllers establishing terms for compliant personal data sharing under GDPR and UAVG.
find out more
Product Development Non Disclosure Agreement
Dutch law-governed NDA for protecting confidential information in product development activities, including technical specifications and intellectual property.
find out more
Data Processing Contract
Dutch law-governed Data Processing Contract establishing GDPR-compliant terms between controller and processor.
find out more
Joint Controller Agreement
A Dutch law-governed agreement establishing responsibilities and obligations between joint controllers under GDPR and UAVG for shared data processing activities.
find out more
Dpia Agreement
A Dutch law agreement establishing the framework for conducting Data Protection Impact Assessments (DPIAs) in compliance with GDPR and local privacy regulations.
find out more
Data Processing Addendum
A Dutch law-governed agreement establishing GDPR-compliant terms for personal data processing between a controller and processor.
find out more
Data Agreement
A Dutch law-governed agreement establishing terms for data processing and sharing, ensuring compliance with Dutch and EU data protection regulations.
find out more
Data Addendum
A Dutch law-governed supplementary agreement that adds GDPR and UAVG-compliant data protection terms to an existing contract.
find out more
Third Party Processor Agreement
A Dutch law-governed agreement establishing terms for third-party processing of personal data under GDPR and UAVG requirements.
find out more
Intercompany Data Processing Agreement
A Dutch law-governed agreement regulating personal data processing between affiliated companies within the same corporate group, ensuring GDPR compliance.
find out more
Third Party Data Processing Agreement
Dutch law-governed agreement establishing GDPR-compliant terms for third-party processing of personal data, aligned with both EU and Dutch data protection requirements.
find out more
Controller Processor Agreement
A Dutch law-governed agreement establishing GDPR-compliant terms for personal data processing between controller and processor.
find out more
Order Processing Agreement
A Dutch-law governed agreement between a data controller and processor establishing terms for personal data processing under GDPR and Dutch UAVG requirements.
find out more
Affiliate Addendum
Dutch law-governed addendum for affiliate marketing arrangements, outlining partnership terms, commissions, and compliance requirements.
find out more
Sub Processing Agreement
Dutch law-governed agreement between a processor and sub-processor for GDPR-compliant data processing activities.
find out more
International Data Transfer Agreement
Dutch law-governed agreement for international personal data transfers, incorporating EU Standard Contractual Clauses and GDPR compliance measures.
find out more
Data Protection Addendum
Dutch law-governed data protection addendum establishing GDPR-compliant terms for personal data processing between controllers and processors.
find out more
Download our whitepaper on the future of AI in Legal
By providing your email address you are consenting to our Privacy Notice.
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a 拢1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.