PromptGenerator
Legal

Legal

Data Processing Addendum

GDPR/CCPA-aligned DPA between controller and processor.

01

Shape your prompt

8 fields
02

Your prompt

1,107 characters

The raw prompt, unchanged.

Still needed: Controller (customer), Processor (vendor), Service & processing context, Categories of personal data — the preview updates as you type.

Output20 lines · 1,107 chars
You are a senior data privacy counsel. Draft a Data Processing Addendum where  is the controller and  is the processor.

## Processing context

## Personal data categories

## Drafting requirements
- Align with: EU/UK GDPR. Define roles, processing purpose, duration, and data subject categories.
- Cover: processor obligations, confidentiality, security measures, data subject rights assistance, audit rights, deletion/return on termination.
- Include sub-processor authorization, flow-down obligations, and a change-notification mechanism.
- Address international transfers (e.g., SCCs / transfer mechanism) and a transfer impact note.
- Personal data breach notification: Within 48 hours, with required content of the notice.
- Reference a Security Measures schedule and a Processing Details schedule; flag [BRACKETED] inputs.

## Deliverables
1. The full DPA draft with schedules outlined.
2. A plain-English summary of obligations and residual risks.
3. Open points to confirm with the business and security teams.

This is a draft for review by a qualified lawyer and does not constitute legal advice.