Data Protection Addendum Template for Austria


Key Requirements PROMPT example:

Data Protection Addendum

"I need a Data Protection Addendum under Austrian law for a cloud service provider relationship involving international data transfers to the US and multiple sub-processors, to be effective from March 2025."

Document background
The Data Protection Addendum (DPA) is essential for organizations engaging in personal data processing activities under Austrian jurisdiction. It is specifically required when one party (the processor) processes personal data on behalf of another party (the controller), as mandated by Article 28 of the GDPR and the Austrian Data Protection Act. The document supplements existing service agreements by incorporating necessary data protection provisions, including processing instructions, security measures, breach notification procedures, and audit rights. This DPA is particularly crucial for international businesses operating in Austria or processing data of Austrian residents, as it must comply with both EU-wide GDPR requirements and specific Austrian data protection regulations. The document should be implemented before any data processing activities commence and updated as necessary to reflect changes in processing activities or regulatory requirements.
Suggested Sections

1. Parties: Identification of the data controller and data processor, including full legal names and registration details

2. Background: Context of the DPA, reference to the main agreement, and purpose of the addendum

3. Definitions: Key terms used in the DPA, including GDPR-specific terminology and alignment with Austrian DSG definitions

4. Scope and Purpose of Processing: Detailed description of the data processing activities, categories of data subjects, and types of personal data

5. Duration of Processing: Timeframe for data processing activities, aligned with the main agreement's term

6. Obligations of the Processor: Processor's duties under GDPR Article 28, including processing only on documented instructions

7. Obligations of the Controller: Controller's responsibilities, including providing documented instructions and ensuring lawful basis for processing

8. Technical and Organizational Measures: Security measures implemented to protect personal data

9. Sub-processing: Conditions and requirements for engaging sub-processors

10. Data Subject Rights: Procedures for assisting with data subject requests

11. Personal Data Breach: Breach notification procedures and timelines

12. Audit Rights: Controller's rights to audit and processor's obligations to demonstrate compliance

13. Data Return and Deletion: Obligations regarding data handling upon agreement termination

14. Liability and Indemnities: Allocation of responsibilities and liabilities between parties

15. Governing Law and Jurisdiction: Confirmation of Austrian law application and jurisdiction

Optional Sections

1. International Data Transfers: Required when personal data will be transferred outside the EEA, incorporating EU SCCs where necessary

2. Special Categories of Data: Additional safeguards when processing sensitive personal data under Article 9 GDPR

3. Industry-Specific Requirements: Additional provisions for specific sectors (e.g., healthcare, telecommunications)

4. Joint Controller Provisions: Required when the relationship includes joint controller arrangements under GDPR Article 26

5. Data Protection Impact Assessment: Specific obligations regarding DPIAs when processing is likely to result in high risk

6. Representative in the EU: Required when the processor is not established in the EU but Article 3(2) GDPR applies

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including purpose, categories of data subjects and personal data

2. Schedule 2 - Technical and Organizational Measures: Detailed security measures implemented by the processor

3. Schedule 3 - Authorized Sub-processors: List of approved sub-processors and their processing activities

4. Schedule 4 - Transfer Mechanisms: Details of transfer mechanisms used for international data transfers, including SCCs if applicable

5. Schedule 5 - Security Breach Response Plan: Detailed procedures for handling and reporting personal data breaches

6. Appendix A - Contact Details: Key contacts for data protection matters, including DPO details if applicable

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Relevant Industries

Technology and Software

Healthcare and Medical Services

Financial Services

E-commerce and Retail

Education

Professional Services

Manufacturing

Telecommunications

Insurance

Human Resources and Recruitment

Marketing and Advertising

Research and Development

Cloud Services

Consulting

Relevant Teams

Legal

Compliance

Information Security

IT

Privacy

Risk Management

Operations

Procurement

Information Governance

Data Protection

Vendor Management

Corporate Governance

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Legal Counsel

Privacy Manager

Compliance Officer

Information Security Manager

IT Director

Chief Information Security Officer

Risk Manager

Operations Manager

Procurement Manager

Contract Manager

Chief Technology Officer

Chief Legal Officer

Privacy Analyst

Data Protection Specialist

Information Governance Manager


Find the exact document you need

Intra Group Agreement Data Protection

An Austrian law-governed agreement regulating data protection practices and compliance between group companies under GDPR and local data protection requirements.


Joint Controller Data Sharing Agreement

An Austrian law-governed agreement establishing joint controller arrangements for data sharing and processing under GDPR and local data protection requirements.


Commissioned Data Processing Agreement

An Austrian law-governed data processing agreement establishing controller-processor relationships under GDPR and local data protection requirements.


Data Privacy Addendum

An Austrian law-governed Data Privacy Addendum ensuring GDPR and Austrian DSG compliance for personal data processing activities.


Non Disclosure Agreement Data Protection

Austrian-law governed NDA with GDPR compliance focus, combining confidentiality and data protection requirements.


Data Protection Addendum

An Austrian law-governed addendum that establishes GDPR-compliant terms for personal data processing between controllers and processors.

