Data Processing Contract Template for Austria

A Data Processing Contract is required whenever an organization (data controller) engages another organization (data processor) to process personal data on its behalf. This contract, governed by Austrian law, ensures compliance with Article 28 of the GDPR and the Austrian Data Protection Act (DSG). It is essential for businesses operating in or from Austria that outsource any form of data processing, from cloud services to payroll management. The document must include specific provisions required by Austrian law while maintaining alignment with broader EU data protection requirements. This contract type is particularly important as it helps organizations demonstrate compliance with accountability principles under GDPR and provides clear guidelines for data handling, security measures, and breach notification procedures.

1. Parties: Identification of the data controller and data processor, including full legal names and registered addresses

2. Background: Context of the processing relationship and brief description of services requiring data processing

3. Definitions: Key terms used in the agreement, including those from GDPR Article 4 and any contract-specific terms

4. Scope and Purpose of Processing: Detailed description of what personal data will be processed and for what specific purposes

5. Duration of Processing: Timeline for the processing activities, including start date and termination conditions

6. Obligations of the Processor: Core processor obligations under GDPR Article 28, including processing only on documented instructions

7. Obligations of the Controller: Controller's responsibilities including providing documented instructions and ensuring legal basis for processing

8. Sub-processing: Conditions and requirements for engaging sub-processors, including authorization process

9. Technical and Organizational Measures: Security measures to ensure appropriate level of data protection

10. Data Breaches: Procedures for handling and reporting personal data breaches

11. Audit Rights: Controller's rights to audit and processor's obligations to demonstrate compliance

12. Data Subject Rights: Processor's assistance in responding to data subject requests

13. Cross-border Data Transfers: Rules and safeguards for any international data transfers

14. Termination: Conditions for termination and data handling upon agreement end

15. General Provisions: Standard contractual terms including governing law, jurisdiction, and amendments