This data processing agreement is adapted from the ProtonMail DPA that you will find on this page. Organizations can use the document below as part of their GDPR compliance. A manager decides how the data is processed. 1.3 Consequences of non-compliance with data protection legislation. Each party shall comply with all obligations imposed on a controller under data protection legislation and any material breach of data protection legislation by one party, if it is not corrected within fifteen days of the written notification of the other party, must give the other party a reason to terminate the contract with immediate effect. (C) The Parties shall endeavour to implement a data processing agreement that meets the requirements of the existing legal framework on data processing and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). Use this template to create a contract with scCs to transfer personal data from a controller established in the EEA to your UK-based company or organisation that works as a controller. It aims to cover common issues and aims to help micro, small and medium-sized enterprises use CCS in simple cases where you don`t need professional advice. 1.4 Cross-border transfers. For the avoidance of doubt, these exclusions do not apply to EU personal data, as the agreement excludes any form of information on confidentiality obligations. .