All Countries
Compliance
Personal Data Processing Agreement

Personal Data Processing Agreement Template for Belgium

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Personal Data Processing Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Personal Data Processing Agreement

"I need a Personal Data Processing Agreement under Belgian law for my software company (as controller) engaging a cloud storage provider to store customer data, including provisions for international transfers to the US."

Celebrated by
Collaborations with
Investors
Document background
The Personal Data Processing Agreement is a mandatory legal document required under Article 28 of the GDPR and Belgian data protection law whenever a company (controller) engages another party (processor) to process personal data on its behalf. This agreement must be in place before any processing begins and forms part of the broader service relationship between the parties. It includes specific provisions required by Belgian law and GDPR, such as technical and organizational measures, data breach procedures, and audit rights. The agreement is particularly important in the Belgian context as it must comply with both EU-wide GDPR requirements and specific Belgian data protection regulations, including the Belgian Data Protection Act of 2018. It should be customized based on the nature of processing, types of data involved, and specific security requirements of the engagement.
Suggested Sections

1. Parties: Identification of the data controller and data processor, including registered addresses and company details

2. Background: Context of the processing relationship and purpose of the agreement

3. Definitions: Key terms used in the agreement, including GDPR-specific terminology

4. Scope and Purpose of Processing: Detailed description of the processing activities, categories of data, and processing purposes

5. Duration of Processing: Timeframe for the processing activities and agreement term

6. Obligations of the Data Controller: Responsibilities and warranties of the data controller, including lawful basis for processing

7. Obligations of the Data Processor: Core processor obligations under Article 28 GDPR, including processing only on documented instructions

8. Confidentiality: Confidentiality obligations for processed data and processing operations

9. Security of Processing: Security measures and standards required for data protection

10. Sub-processing: Conditions and requirements for engaging sub-processors

11. Data Subject Rights: Procedures for assisting controller with data subject requests

12. Personal Data Breach: Breach notification procedures and timelines

13. Audit Rights: Controller's audit rights and processor's obligations to demonstrate compliance

14. Liability and Indemnification: Allocation of liability and indemnification provisions

15. Termination: Termination conditions and data deletion/return obligations

16. Governing Law and Jurisdiction: Specification of Belgian law as governing law and jurisdiction for disputes

Optional Sections

1. International Data Transfers: Required when personal data will be transferred outside the EEA, including appropriate transfer mechanisms

2. Special Categories of Data: Additional safeguards when processing special categories of personal data under Article 9 GDPR

3. Data Protection Impact Assessment: Processor's obligations regarding DPIAs when processing is likely to result in high risk

4. Insurance: Requirements for specific insurance coverage for data processing activities

5. Force Majeure: Provisions for handling events beyond parties' reasonable control

6. Language: Required for agreements that may be executed in multiple languages, specifying the prevailing version

Suggested Schedules

1. Schedule 1: Details of Processing: Detailed description of processing activities, including data categories, subjects, and purposes

2. Schedule 2: Technical and Organizational Measures: Specific security measures implemented by the processor

3. Schedule 3: Approved Sub-processors: List of pre-approved sub-processors and their processing activities

4. Schedule 4: Security Breach Notification Template: Standard format for reporting personal data breaches

5. Schedule 5: Audit Procedures: Detailed procedures for conducting compliance audits

6. Appendix A: Contact Details: Key contacts for both parties for operational and emergency matters

7. Appendix B: Standard Contractual Clauses: If applicable, EU SCCs for international data transfers

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Law
Belgian Data Protection Act
Controller
Data Subject
Data Protection Impact Assessment
EEA
GDPR
Personal Data
Personal Data Breach
Processing
Processor
Services
Special Categories of Personal Data
Sub-processor
Technical and Organizational Measures
Third Country
Transfer
Supervisory Authority
Belgian Data Protection Authority
Confidential Information
Data Protection Officer
Instructions
Security Breach
Permitted Purpose
Personnel
Representatives
Standard Contractual Clauses
Term
Working Day
Written Notice
Authorized Persons
Data Processing Schedule
Security Requirements
Service Agreement
Clauses
Interpretations and Definitions
Appointment and Duration
Processing Obligations
Scope of Processing
Data Protection
Confidentiality
Security Measures
Sub-processing
Data Subject Rights
Data Breach Notification
Audit Rights
International Transfers
Compliance Assistance
Personnel Obligations
Warranties and Representations
Liability and Indemnification
Insurance
Term and Termination
Data Return and Deletion
Force Majeure
Assignment and Subcontracting
Notices
Severability
Entire Agreement
Variation
Waiver
Third Party Rights
Governing Law
Jurisdiction
Dispute Resolution
Relevant Industries

Technology and Software

Healthcare

Financial Services

E-commerce

Education

Professional Services

Telecommunications

Cloud Services

Marketing and Advertising

Human Resources

Manufacturing

Retail

Insurance

Consulting

Research and Development

Relevant Teams

Legal

Compliance

Information Security

IT

Privacy

Risk Management

Operations

Procurement

Data Protection

Information Governance

Relevant Roles

Data Protection Officer

Privacy Officer

Legal Counsel

Compliance Manager

Information Security Manager

IT Director

Chief Technology Officer

Chief Information Security Officer

Risk Manager

Operations Manager

Procurement Manager

Contract Manager

Chief Legal Officer

Privacy Manager

Data Protection Manager

Industries
General Data Protection Regulation (GDPR): EU Regulation 2016/679 - The primary legislation governing personal data processing in the EU, setting requirements for data processing agreements under Article 28
Belgian Data Protection Act: Law of 30 July 2018 on the Protection of Natural Persons with regard to the Processing of Personal Data - The national law implementing GDPR in Belgium
Belgian Civil Code: Provides the general framework for contracts under Belgian law, including formation, validity, and enforcement
Belgian Data Protection Authority Guidelines: Guidance and recommendations issued by the Belgian DPA (Gegevensbeschermingsautoriteit/Autorité de protection des données) on data processing agreements
ePrivacy Directive Implementation: Belgian laws implementing Directive 2002/58/EC concerning privacy in electronic communications
Belgian Code of Economic Law: Contains provisions relevant to electronic contracts and business practices that might affect data processing agreements
EU Standard Contractual Clauses (SCCs): Commission Implementing Decision (EU) 2021/915 - Relevant if the agreement involves international data transfers
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Data Protection Contract

Belgian law-governed data protection agreement establishing data processing obligations and compliance with GDPR and Belgian data protection requirements.

find out more

Personal Data Processing Agreement

Belgian law-governed Personal Data Processing Agreement establishing GDPR-compliant terms for processing personal data between controller and processor.

find out more

Data Controller Agreement

A Belgian law-governed agreement establishing terms between data controllers for sharing and processing personal data in compliance with GDPR and local requirements.

find out more

Data Privacy Contract

Belgian law-governed data processing agreement ensuring GDPR compliance and establishing controller-processor obligations under Belgian jurisdiction.

find out more

Personal Data Protection Agreement

Belgian law-governed agreement regulating personal data processing between organizations, ensuring compliance with local and EU data protection requirements.

find out more

Data Privacy Addendum

A Belgian law-governed agreement defining personal data processing terms between controllers and processors, ensuring GDPR and local law compliance.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.