������Ƶ

This Data Processing Contract is essential for organizations in the Philippines that engage third parties to process personal data on their behalf. It is required under the Data Privacy Act of 2012 and its implementing regulations, which mandate specific contractual safeguards for personal data processing. The document should be used whenever an organization (data controller) outsources the processing of personal data to another entity (data processor), whether for services such as cloud storage, payroll processing, customer service, or any other data processing activities. It includes crucial provisions on data security, confidentiality, breach notification, audit rights, and compliance with Philippine privacy laws. The agreement is particularly important given the strict penalties for non-compliance with Philippine data protection requirements and the increasing focus on data privacy protection by the National Privacy Commission.

1. Parties: Identifies the data controller and data processor, including their registered addresses and company details

2. Background: Explains the context of the data processing relationship and the purpose of the agreement

3. Definitions: Defines key terms used in the agreement, particularly those from the Data Privacy Act

4. Scope and Purpose of Processing: Details the specific data processing activities authorized under the agreement

5. Duration of Processing: Specifies the term of the agreement and processing activities

6. Types of Personal Data: Describes the categories of personal data to be processed

7. Rights and Obligations of the Data Controller: Outlines the controller's responsibilities and authority over the data

8. Obligations of the Data Processor: Details the processor's duties including security measures, confidentiality, and processing limitations

9. Security Measures: Specifies technical and organizational measures required to protect personal data

10. Sub-processing: Rules and requirements for engaging sub-processors

11. Data Breach Notification: Procedures for reporting and handling data breaches

12. Audit Rights: Controller's rights to audit processor's compliance

13. Data Subject Rights: Procedures for handling data subject requests

14. Return or Deletion of Data: Requirements for data handling upon contract termination

15. Liability and Indemnification: Allocation of risks and responsibilities between parties

16. Termination: Conditions and procedures for ending the agreement

17. Governing Law and Jurisdiction: Specifies Philippine law as governing law and jurisdiction for disputes