Data Processing Agreement Template for Philippines

A Data Processing Agreement (DPA) under Philippine law is a legally binding contract that establishes the rights, duties, and obligations between a data controller and a data processor in relation to the processing of personal data. This agreement ensures compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations. The document outlines specific requirements for data protection, security measures, breach notification procedures, and mechanisms for protecting data subjects' rights, while establishing clear accountability and liability frameworks for all parties involved in data processing activities.

What is a Data Processing Agreement?

This Data Processing Agreement is essential for organizations operating in the Philippines that engage third parties to process personal data on their behalf. The document is required under the Philippine Data Privacy Act of 2012 and must be implemented whenever a data controller outsources the processing of personal data to a data processor. The agreement covers crucial aspects such as data security measures, confidentiality obligations, sub-processing requirements, breach notification procedures, and compliance with data subject rights. It is particularly important in contexts involving cross-border data transfers, cloud services, outsourcing arrangements, and any situation where personal data is handled by external service providers. The document must align with the National Privacy Commission's guidelines and includes specific provisions for demonstrating compliance with Philippine data protection regulations.

What sections should be included in a Data Processing Agreement?

1. Parties: Identification of the Data Controller and Data Processor, including their complete legal names, addresses, and registration details

2. Background: Context of the agreement, relationship between the parties, and purpose of the data processing activities

3. Definitions: Definitions of key terms used in the agreement, aligned with Philippine Data Privacy Act definitions

4. Scope and Purpose of Processing: Detailed description of the authorized data processing activities, types of personal data, and processing purposes

5. Obligations of the Data Processor: Core responsibilities including processing only on documented instructions, confidentiality, security measures, and assistance to the controller

6. Obligations of the Data Controller: Responsibilities including providing clear instructions, ensuring legal basis for processing, and responding to data subject requests

7. Data Security Measures: Technical and organizational security measures required under Philippine law

8. Sub-processing: Conditions and requirements for engaging sub-processors

9. Data Breach Notification: Procedures for handling and reporting data breaches as per NPC requirements

10. Data Subject Rights: Procedures for handling data subject requests and assisting the controller in responding to them

11. Audit Rights: Controller's right to audit and processor's obligation to demonstrate compliance

12. Term and Termination: Duration of the agreement and termination provisions

13. Return or Deletion of Data: Obligations regarding personal data upon termination of services

14. Governing Law and Jurisdiction: Specification of Philippine law as governing law and jurisdiction for disputes

What sections are optional to include in a Data Processing Agreement?

1. Cross-border Data Transfers: Required when personal data will be transferred outside the Philippines, including safeguards and compliance with NPC requirements

2. Special Categories of Data: Additional provisions when processing sensitive personal information as defined in the Data Privacy Act

3. Government Data Processing: Special provisions when processing data for or on behalf of government agencies

4. Data Protection Impact Assessment: Procedures for conducting DPIAs when required by the nature of processing

5. Insurance Requirements: Specific insurance obligations for data protection and cyber liability

6. Business Continuity: Provisions for ensuring continuous data protection during disruptions

7. Remote Working Provisions: Special measures for data processing in work-from-home arrangements as per NPC guidelines

What schedules should be included in a Data Processing Agreement?

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including data categories, purposes, and duration

2. Schedule 2 - Technical and Organizational Measures: Specific security measures implemented to protect personal data

3. Schedule 3 - Authorized Sub-processors: List of approved sub-processors and their processing activities

4. Schedule 4 - Data Transfer Mechanisms: Details of cross-border transfer mechanisms and safeguards

5. Schedule 5 - Service Level Agreement: Performance metrics and response times for data protection-related services

6. Appendix A - Security Breach Response Plan: Detailed procedures for handling data breaches and security incidents

7. Appendix B - Data Subject Request Procedure: Process flow for handling data subject rights requests

Authors

Alex Denne

Advisor @ 蜜桃传媒AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents

Jurisdiction

Philippines

Cost

Free to use
