The Controller Processor Agreement is a mandatory requirement under Article 28 of the GDPR and the Belgian Data Protection Act when an organization (controller) engages another party (processor) to process personal data on its behalf. This document is essential for ensuring compliance with data protection laws in Belgium and the broader EU, establishing clear responsibilities and obligations for both parties. It must be in place before any data processing begins and should detail the nature, scope, and purpose of processing, security measures, confidentiality requirements, and procedures for data breach notification. The agreement must reflect both Belgian-specific legal requirements and broader EU data protection principles, making it particularly relevant for organizations operating in or providing services to Belgian entities. It forms a crucial part of an organization's data protection compliance framework and should be regularly reviewed to ensure ongoing alignment with evolving data protection requirements and guidance from the Belgian Data Protection Authority.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership of your docs
1. Parties: Identification of the Data Controller and Data Processor, including registered addresses and authorized representatives
2. Background: Context of the agreement, relationship between parties, and purpose of data processing activities
3. Definitions: Key terms used in the agreement, incorporating GDPR definitions and any additional specific terms
4. Scope and Purpose of Processing: Detailed description of authorized processing activities, categories of data, and processing purposes
5. Duration: Term of the agreement, including commencement date and termination provisions
6. Nature and Purpose of Processing: Specific details about how and why the data will be processed
7. Processor Obligations: Core obligations under GDPR Article 28, including processing only on documented instructions
8. Security Measures: Technical and organizational measures to ensure appropriate security of processing
9. Sub-processing: Conditions and requirements for engaging sub-processors
10. Data Subject Rights: Processor's obligations to assist controller in responding to data subject requests
11. Data Breach Notification: Procedures and timelines for notifying the controller of any personal data breaches
12. Audit Rights: Controller's rights to audit and inspect processor's compliance
13. Cross-border Transfers: Rules and safeguards for transfers of personal data outside the EEA
14. Confidentiality: Confidentiality obligations regarding processed personal data
15. Termination and Data Deletion: Procedures for agreement termination and subsequent data handling
16. Governing Law and Jurisdiction: Specification of Belgian law as governing law and jurisdiction for disputes
1. Insurance Requirements: Specific insurance obligations for the processor - include when processing sensitive data or high-risk processing
2. Processor Personnel: Specific requirements for processor's staff - relevant when personnel have direct access to sensitive data
3. Business Continuity: Business continuity and disaster recovery requirements - important for critical processing activities
4. Special Categories of Data: Additional safeguards for processing special categories of personal data - include when applicable
5. Joint Controller Provisions: Additional provisions if any aspects of the relationship involve joint controllership
6. Industry-Specific Requirements: Specific provisions for regulated industries (healthcare, financial services, etc.)
7. Data Protection Impact Assessment: Cooperation in DPIAs - include for high-risk processing activities
1. Description of Processing Activities: Detailed matrix of data types, processing purposes, categories of data subjects
2. Technical and Organizational Measures: Detailed description of security measures implemented by the processor
3. Approved Sub-processors: List of pre-approved sub-processors and their processing activities
4. Transfer Mechanisms: Details of mechanisms used for international data transfers (if applicable)
5. Security Breach Response Plan: Detailed procedures for handling and reporting data breaches
6. Data Deletion and Return Procedures: Technical procedures for secure data deletion and return
7. Audit Procedures: Detailed procedures and requirements for conducting audits
Find the exact document you need
Intra Group Data Processing Agreement
Belgian law-governed data processing agreement for intra-group data transfers and processing activities, ensuring GDPR compliance within corporate groups.
Download
Data Processing Agreement Addendum
A Belgian law-governed addendum that establishes GDPR-compliant terms for personal data processing between a controller and processor.
Download
Data Processing Contract
A Belgian law-governed agreement defining terms for processing personal data under GDPR and national data protection requirements.
Download
Controller To Controller Agreement GDPR
A Belgian law-governed agreement establishing GDPR-compliant data sharing arrangements between independent data controllers.
Download
Controller Processor Agreement
A Belgian law-governed agreement establishing terms for personal data processing between a controller and processor, complying with GDPR and Belgian Data Protection Act requirements.
Download
Sub Processing Agreement
A Belgian law-governed agreement establishing terms for sub-processor engagement in data processing activities, ensuring GDPR and local law compliance.
Download
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it