The National Data Privacy Agreement serves as a critical legal instrument for organizations operating in India that process personal data. This agreement has become increasingly important following the implementation of the Digital Personal Data Protection Act 2023 and related privacy regulations in India. It is designed to be used when establishing data processing relationships between data fiduciaries (controllers) and processors, ensuring compliance with Indian data protection laws while facilitating secure and lawful data processing activities. The agreement covers essential aspects such as data security measures, breach notification procedures, cross-border data transfers, and the rights of data principals, incorporating both mandatory regulatory requirements and industry best practices. It is particularly relevant for organizations handling significant volumes of personal data or operating in regulated sectors where data protection compliance is crucial.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership of your docs
1. Parties: Identification of the data fiduciary (data controller) and data processor, including registered addresses and company details
2. Background: Context of the agreement, relationship between parties, and purpose of data processing activities
3. Definitions: Detailed definitions of terms used in the agreement, aligned with DPDP Act 2023 terminology
4. Scope and Purpose: Detailed description of data processing activities, categories of data, and processing purposes
5. Data Protection Obligations: Core obligations regarding data collection, processing, storage, and protection
6. Rights of Data Principals: Procedures for handling data principal (subject) rights under Indian law
7. Security Measures: Specific technical and organizational security measures required
8. Data Breach Notification: Procedures and timelines for reporting and handling data breaches
9. Cross-border Data Transfers: Rules and requirements for international data transfers
10. Confidentiality: Confidentiality obligations regarding personal data and business information
11. Audit and Compliance: Rights of audit and compliance verification procedures
12. Liability and Indemnification: Allocation of liability and indemnification obligations
13. Term and Termination: Duration of agreement and termination provisions
14. Post-Termination Obligations: Data handling and deletion requirements after agreement ends
15. Governing Law and Jurisdiction: Specification of Indian law as governing law and jurisdiction for disputes
1. Sub-processing: Include when the data processor may engage sub-processors
2. Data Localization: Include for sectors requiring strict data localization (e.g., financial data)
3. Industry-Specific Compliance: Include for regulated sectors like healthcare or financial services
4. Insurance Requirements: Include when specific insurance coverage for data protection is required
5. Business Continuity: Include when processing critical data requiring disaster recovery provisions
6. Data Protection Impact Assessment: Include for high-risk processing activities
7. Special Categories of Data: Include when processing sensitive personal data
1. Schedule 1 - Processing Activities: Detailed description of data processing activities, purposes, and categories of data
2. Schedule 2 - Security Measures: Technical and organizational security measures to be implemented
3. Schedule 3 - Data Subject Rights Procedure: Detailed procedures for handling data principal requests
4. Schedule 4 - Sub-processors: List of approved sub-processors and their processing activities
5. Schedule 5 - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches
6. Schedule 6 - Audit Requirements: Specific audit procedures and compliance requirements
7. Appendix A - Contact Details: Key contacts for both parties including Data Protection Officers
8. Appendix B - Data Transfer Mechanisms: Details of approved mechanisms for international data transfers
Find the exact document you need
National Data Privacy Agreement
Indian data privacy agreement template aligned with DPDP Act 2023, governing personal data processing and protection requirements under Indian law.
Download
Intra Group Agreement Data Protection
An intra-group agreement governing data protection practices between related corporate entities under Indian law, particularly the DPDP Act 2023.
Download
DPA Data Protection Agreement
An Indian law-compliant Data Protection Agreement governing personal data processing relationships between controllers and processors, aligned with IT Act and DPDP Act requirements.
Download
DPA Data Privacy Agreement
An Indian law-governed Data Privacy Agreement establishing data processing terms between controller and processor under DPDP Act 2023.
Download
Data Controller DPA
An Indian law-compliant agreement between data controller and processor establishing terms for personal data processing, aligned with IT Act and DPDP Act 2023.
Download
Non Disclosure Agreement Data Protection
Indian Non-Disclosure Agreement with Data Protection provisions, compliant with Indian data protection laws including DPDP Act 2023.
Download
Genie’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; Genie’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it