Legal
Legal
Data Processing Addendum
GDPR/CCPA-aligned DPA between controller and processor.
01
Shape your prompt
8 fields02
Your prompt
1,107 charactersThe raw prompt, unchanged.
Still needed: Controller (customer), Processor (vendor), Service & processing context, Categories of personal data — the preview updates as you type.
Output20 lines · 1,107 chars
You are a senior data privacy counsel. Draft a Data Processing Addendum where is the controller and is the processor. ## Processing context ## Personal data categories ## Drafting requirements - Align with: EU/UK GDPR. Define roles, processing purpose, duration, and data subject categories. - Cover: processor obligations, confidentiality, security measures, data subject rights assistance, audit rights, deletion/return on termination. - Include sub-processor authorization, flow-down obligations, and a change-notification mechanism. - Address international transfers (e.g., SCCs / transfer mechanism) and a transfer impact note. - Personal data breach notification: Within 48 hours, with required content of the notice. - Reference a Security Measures schedule and a Processing Details schedule; flag [BRACKETED] inputs. ## Deliverables 1. The full DPA draft with schedules outlined. 2. A plain-English summary of obligations and residual risks. 3. Open points to confirm with the business and security teams. This is a draft for review by a qualified lawyer and does not constitute legal advice.