1. Parties: Identification of the data controller and data processor (or joint controllers), including full legal names, registration numbers, and registered addresses
2. Background: Context of the agreement, relationship between the parties, and purpose of the data processing activities
3. Definitions: Definitions of key terms used in the agreement, including GDPR-specific terminology
4. Scope and Purpose of Processing: Detailed description of the personal data to be processed and the specific purposes for processing
5. Duration of Processing: Timeframe for the data processing activities and the agreement's term
6. Nature and Categories of Personal Data: Specification of the types of personal data being processed and categories of data subjects
7. Obligations of the Data Processor: Processor's commitments including security measures, confidentiality, sub-processing rules, and assistance obligations
8. Rights and Obligations of the Data Controller: Controller's responsibilities, including instructions for processing and monitoring rights
9. Data Subject Rights: Procedures for handling data subject requests and ensuring data subject rights
10. Data Security: Security measures required to protect personal data during processing
11. Data Breach Notification: Procedures and timeframes for reporting and handling personal data breaches
12. Audit Rights: Controller's rights to audit the processor's compliance and processor's obligations to demonstrate compliance
13. Liability and Indemnities: Allocation of liability between parties and indemnification provisions
14. Termination: Conditions for termination and obligations regarding data return or deletion
15. Governing Law and Jurisdiction: Specification of Irish law as governing law and jurisdiction for disputes
