Commissioned Data Processing Agreement

Commissioned Data Processing Agreement Template for India

Create a bespoke document in minutes, or upload and review your own.

4.6 / 5

4.8 / 5

Let's create your Commissioned Data Processing Agreement

1. Select your governing law and document type:

2. Enter your key requirements:

3. Create your document to edit, review or download

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

"I need a Commissioned Data Processing Agreement for my healthcare software company based in Mumbai to engage a cloud service provider who will process patient data, with specific provisions for data localization and enhanced security measures as required by Indian healthcare regulations."

Document background

The Commissioned Data Processing Agreement is essential for organizations operating in India that outsource the processing of personal data to third parties. This document is required under Indian data protection laws, particularly the IT Act and DPDP Act 2023, when a data controller engages a data processor to handle personal data on their behalf. The agreement defines the scope of processing activities, establishes security and confidentiality requirements, outlines compliance obligations, and allocates responsibilities between parties. It includes specific provisions required by Indian law, such as data localization requirements for certain types of data, mandatory security measures, and breach notification obligations. This agreement is particularly crucial given India's position as a global hub for data processing services and the increasing focus on data protection compliance.

Suggested Sections

1. Parties: Identification of the Data Controller and Data Processor, including registered addresses and company details

2. Background: Context of the agreement, relationship between parties, and purpose of data processing

3. Definitions: Definitions of key terms used in the agreement, aligned with Indian data protection laws

4. Scope and Purpose of Processing: Detailed description of the data processing activities, types of data, and processing purposes

5. Obligations of the Data Processor: Core responsibilities including processing only on documented instructions, confidentiality, security measures

6. Obligations of the Data Controller: Responsibilities including lawful basis for processing, accuracy of data, providing clear instructions

7. Security Measures: Technical and organizational measures required to ensure data security as per Indian regulations

8. Confidentiality: Confidentiality obligations and measures to ensure staff compliance

9. Sub-processing: Conditions and requirements for engaging sub-processors

10. Data Subject Rights: Procedures for handling data subject requests and assistance to the controller

11. Data Breach Notification: Procedures and timelines for reporting data breaches as per Indian law

12. Audit Rights: Controller's right to audit and processor's obligation to demonstrate compliance

13. Liability and Indemnification: Allocation of liability and indemnification obligations

14. Term and Termination: Duration of agreement, termination conditions, and data handling post-termination

15. Governing Law and Jurisdiction: Specification of Indian law as governing law and jurisdiction for disputes

Optional Sections

1. International Data Transfers: Required when data processing involves transfer outside India, addressing compliance with cross-border data transfer requirements

2. Data Localization: Required for processing of sensitive data or when dealing with specific sectors like banking that have data localization requirements

3. Business Continuity and Disaster Recovery: Optional section for critical processing activities requiring specific recovery measures

4. Insurance Requirements: Optional section specifying insurance coverage requirements for data processing activities

5. Change Control Procedure: Optional section for complex processing arrangements requiring formal procedures for changes to processing activities

6. Service Level Agreement: Optional section for processing activities with specific performance requirements

7. Exit Management: Detailed procedures for transition of services, required for complex processing arrangements

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including data types, purposes, and duration

2. Schedule 2 - Security Measures: Detailed technical and organizational security measures implemented by the processor

3. Schedule 3 - Approved Sub-processors: List of approved sub-processors and their processing activities

4. Schedule 4 - Data Transfer Mechanisms: Details of mechanisms used for any international data transfers

5. Schedule 5 - Contact Details and Escalation Matrix: Contact information for key personnel and escalation procedures

6. Schedule 6 - Fees and Payment Terms: Commercial terms and payment details for processing services

7. Appendix A - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches

8. Appendix B - Audit Procedures: Detailed procedures for conducting audits and assessments

Authors

Alex Denne

Head of Growth (Open Source Law) @ ��Ƶ | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

alex.den.21@genieai.co

Relevant legal definitions

Clauses

Relevant Industries

Information Technology

Healthcare

Financial Services

E-commerce

Telecommunications

Business Process Outsourcing

Insurance

Manufacturing

Retail

Education

Professional Services

Pharmaceuticals

Digital Services

Cloud Services

Relevant Teams

Legal

Compliance

Information Security

Privacy

Risk Management

Procurement

Operations

Data Protection

Information Governance

Vendor Management

Corporate Affairs

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Chief Information Security Officer

Legal Counsel

Compliance Manager

IT Director

Chief Technology Officer

Privacy Manager

Information Security Manager

Risk Manager

Operations Director

Procurement Manager

Contract Manager

Chief Operating Officer

Data Protection Specialist

Information Governance Manager

Find the exact document you need

Third Party Processing Agreement

An Indian law-governed agreement establishing terms for third-party processing of personal and sensitive data, ensuring compliance with IT Act and Rules.

��������Ƶ

How ��������Ƶ reduced drafting time by 75% for a legal firm

Let's create your Commissioned Data Processing Agreement

Authors

Alex Denne

Find the exact document you need

Third Party Processing Agreement

Controller To Controller Agreement

Product Development Non Disclosure Agreement

Joint Controller Data Processing Agreement

Standard Data Processing Agreement

Dpia Agreement

Data Agreement

Data Addendum

Controller Processor Contract

DPA Contract

Third Party Processor Agreement

Personal Data Collection Agreement

International Data Protection Agreement

Processor To Processor DPA

Master Data Protection Agreement

Intra Group Data Transfer Agreement

Data Management Agreement

Data Controller To Data Controller Agreement

Commissioned Data Processing Agreement

Intercompany Data Processing Agreement

DPA Agreement

Third Party Data Processing Agreement

Data Transfer Addendum

Supplier Data Processing Agreement

Personal Data Transfer Agreement

Personal Data Protection Agreement

Order Processing Agreement

Data Protection Agreement For Employees

Affiliate Addendum

Data Privacy Addendum

Sub Processing Agreement

International Data Transfer Agreement

Data Protection Addendum

Download our whitepaper on the future of AI in Legal

�ұ�Ծ���’s Security Promise

Your documents are private:

Your documents are protected:

Organizational security

Innovation in privacy:

Want to know more?

Use Cases

��Ƶ

How ��Ƶ reduced drafting time by 75% for a legal firm

�ұ�Ծ��’s Security Promise