All Countries
Data Privacy
Controller Processor Agreement

Controller Processor Agreement Template for United Arab Emirates

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Controller Processor Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Controller Processor Agreement

"I need a Controller Processor Agreement for my UAE-based healthcare technology company that will be processing patient data on behalf of multiple hospitals across Dubai and Abu Dhabi, with implementation planned for March 2025."

Celebrated by
Collaborations with
Investors
Document background
The Controller Processor Agreement is essential for organizations engaging in data processing activities within the UAE jurisdiction. This document is required under Federal Decree-Law No. 45/2021 whenever a data controller engages a processor to handle personal data on their behalf. The agreement ensures compliance with UAE data protection requirements, including specific provisions for data security, breach notification, and cross-border transfers. It's particularly important for businesses operating in UAE mainland and free zones, as it helps demonstrate compliance with local regulations while providing a framework for secure and lawful data processing activities. The agreement should be customized based on the specific processing activities, incorporating relevant requirements from both federal law and applicable free zone regulations.
Suggested Sections

1. Parties: Identification of the Data Controller and Data Processor, including full legal names, registration details, and addresses

2. Background: Context of the agreement, relationship between parties, and purpose of the data processing arrangement

3. Definitions: Key terms used in the agreement, aligned with UAE Federal Decree-Law No. 45/2021 terminology

4. Scope and Purpose of Processing: Detailed description of the data processing activities, categories of data, and processing purposes

5. Duration of Processing: Timeframe for the processing activities and agreement term

6. Obligations of the Data Controller: Controller's responsibilities including lawful basis for processing, instructions, and compliance with UAE law

7. Obligations of the Data Processor: Processor's duties including processing only on documented instructions, confidentiality, and security measures

8. Security Measures: Technical and organizational measures required to protect personal data as per UAE regulations

9. Sub-processing: Conditions and requirements for engaging sub-processors

10. Data Subject Rights: Procedures for handling data subject requests and processor's assistance obligations

11. Data Breach Notification: Procedures and timeframes for reporting data breaches as per UAE requirements

12. Audit Rights: Controller's right to audit and processor's obligation to demonstrate compliance

13. Data Transfer Restrictions: Rules for international data transfers under UAE law

14. Termination and Data Deletion: Provisions for agreement termination and data handling upon termination

15. Liability and Indemnification: Allocation of liability and indemnification obligations

16. Governing Law and Jurisdiction: Specification of UAE law as governing law and jurisdiction for disputes

Optional Sections

1. Free Zone Compliance: Additional provisions for compliance with DIFC or ADGM data protection regulations when applicable

2. Sector-Specific Requirements: Additional provisions for healthcare, financial, or other regulated sectors

3. Data Protection Officer: Provisions regarding DPO appointment and responsibilities when required

4. Insurance Requirements: Specific insurance obligations for data protection

5. Business Continuity: Provisions for ensuring continuous data protection during disruptions

6. Joint Controller Provisions: Additional provisions when the relationship involves joint controllers

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including data categories, purposes, and duration

2. Schedule 2 - Technical and Organizational Measures: Detailed security measures and controls implemented by the processor

3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities

4. Schedule 4 - Transfer Mechanisms: Details of international transfer mechanisms and safeguards

5. Schedule 5 - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches

6. Appendix A - Contact Details: Key contacts for both parties including emergency contacts and DPOs

7. Appendix B - Service Level Agreement: Specific performance metrics and service levels for data processing activities

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Applicable Law
Authorized Person
Confidential Information
Data Controller
Data Processor
Data Protection Authority
Data Protection Law
Data Subject
Data Subject Request
Executive Regulations
Federal Decree
Personal Data
Personal Data Breach
Processing
Processing Instructions
Processing Records
Regulatory Authority
Security Measures
Sensitive Personal Data
Services
Sub-processor
Technical Measures
Organizational Measures
Transfer Mechanism
UAE
Cross-border Transfer
Data Protection Impact Assessment
Processing Agreement
Data Protection Officer
Supervisory Authority
Breach Notification
Compliance Documentation
Data Minimization
Storage Limitation
Processing Purpose
Third Party
Consent
Data Category
Processing Location
Security Standard
Audit Report
Relevant Industries

Technology

Healthcare

Financial Services

E-commerce

Telecommunications

Professional Services

Education

Real Estate

Hospitality

Manufacturing

Retail

Insurance

Government Services

Transportation and Logistics

Relevant Teams

Legal

Compliance

Information Security

IT

Privacy

Risk Management

Operations

Procurement

Data Governance

Information Management

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Chief Information Security Officer

Privacy Manager

Compliance Director

Legal Counsel

IT Director

Information Security Manager

Risk Manager

Operations Director

Procurement Manager

Contract Manager

Chief Technology Officer

Chief Legal Officer

Data Governance Manager

Industries
Federal Decree-Law No. 45/2021: The UAE's primary federal data protection law that establishes the basic framework for personal data protection and processing in the UAE, including requirements for data controllers and processors.
Cabinet Resolution No. 100/2022: Executive regulations implementing Federal Decree-Law No. 45/2021, providing detailed requirements for data processing agreements and compliance measures.
DIFC Data Protection Law No. 5 of 2020: Specific data protection regulations for the Dubai International Financial Centre free zone, which may be relevant if either party operates in the DIFC.
ADGM Data Protection Regulations 2021: Abu Dhabi Global Market's data protection regulations, which may be applicable if either party operates in the ADGM free zone.
UAE Federal Law No. 2 of 2019: Concerning the Use of Information and Communication Technology in Healthcare, relevant if the data processing involves health-related information.
UAE Federal Law No. 5 of 2012: Cybercrime Law that includes provisions related to privacy and confidentiality of electronic information, which may impact data processing requirements.
UAE Consumer Protection Law Federal Law No. 15 of 2020: Relevant when processing consumer data, including provisions for protecting consumer privacy and data rights.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Joint Controller Agreement

A UAE law-compliant agreement establishing responsibilities and obligations between parties jointly controlling personal data processing activities.

find out more

Data Processing Addendum

A UAE law-compliant agreement establishing terms for personal data processing between controllers and processors under Federal Decree Law No. 45 of 2021.

find out more

Data Sharing Agreement Controller To Processor

UAE-law governed agreement establishing terms for processing personal data between a Controller and Processor, compliant with Federal Decree-Law No. 45/2021.

find out more

Controller To Controller Data Processing Agreement

UAE-law governed agreement establishing data sharing arrangements between two independent data controllers, compliant with Federal Decree Law No. 45 of 2021.

find out more

Intercompany Data Processing Agreement

UAE-law governed agreement regulating personal data processing between affiliated companies, ensuring compliance with UAE Federal Decree Law No. 45 of 2021.

find out more

Controller To Controller DPA

UAE-governed Controller to Controller DPA establishing framework for personal data sharing between independent controllers under Federal Decree-Law No. 45/2021.

find out more

DPA Agreement

UAE-compliant Data Processing Agreement establishing terms for personal data processing between controller and processor under Federal Decree-Law No. 45/2021.

find out more

Third Party Data Processing Agreement

UAE-law governed agreement regulating personal data processing activities between a controller and processor, compliant with Federal Decree Law No. 45 of 2021.

find out more

Personal Data Transfer Agreement

UAE-compliant agreement template for cross-border personal data transfers, aligned with Federal Decree-Law No. 45/2021 and free zone regulations.

find out more

Controller Processor Agreement

A UAE-compliant agreement governing data processing activities between controllers and processors under Federal Decree-Law No. 45/2021.

find out more

Affiliate Addendum

UAE-governed addendum defining affiliate marketing relationships, commission structures, and compliance requirements under UAE law.

find out more

Data Privacy Addendum

A legal addendum ensuring compliance with UAE data protection laws and regulations, establishing data processing rights and obligations between parties.

find out more

Sub Processing Agreement

UAE-governed Sub Processing Agreement establishing terms for outsourced data processing activities in compliance with UAE Federal Decree Law No. 45 of 2021.

find out more

International Data Transfer Agreement

UAE-compliant International Data Transfer Agreement governing cross-border personal data transfers under Federal Decree-Law No. 45/2021.

find out more

Data Protection Addendum

A legal addendum ensuring compliance with UAE federal and free zone data protection laws, establishing data processing rights and obligations between parties.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.