All Countries
Data Privacy
Data Processing Addendum

Data Processing Addendum Template for United Arab Emirates

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Data Processing Addendum

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Data Processing Addendum

"I need a Data Processing Addendum under UAE law for my tech company that will be outsourcing cloud storage services to a third-party provider starting January 2025, with specific provisions for cross-border data transfers to Singapore."

Celebrated by
Collaborations with
Investors
Document background
The Data Processing Addendum (DPA) is a crucial legal document required whenever an organization (data controller) engages another party (data processor) to process personal data on its behalf within the UAE jurisdiction. This document has become increasingly important following the implementation of Federal Decree Law No. 45 of 2021, which established comprehensive data protection requirements in the UAE. The DPA supplements existing service agreements by detailing specific data protection obligations, security measures, and compliance requirements. It includes provisions for data breach notification, sub-processor engagement, cross-border transfers, and audit rights, ensuring alignment with UAE data protection laws and regulations. The document is essential for demonstrating compliance with UAE data protection requirements and establishing clear accountability in data processing relationships.
Suggested Sections

1. Parties: Identification of the data controller and data processor, including full legal names and registration details

2. Background: Context of the relationship between parties and reference to the main agreement this DPA supplements

3. Definitions: Key terms used in the DPA, aligned with UAE Federal Decree Law No. 45 of 2021 definitions

4. Scope and Purpose: Details of the data processing activities covered by the agreement

5. Roles and Responsibilities: Clear delineation of roles as controller and processor, and respective obligations

6. Processing Instructions: Controller's documented instructions for processing, including permitted purposes and restrictions

7. Data Protection Obligations: Processor's obligations regarding data security, confidentiality, and compliance with UAE data protection laws

8. Technical and Organizational Measures: Security measures required to protect personal data

9. Sub-processing: Conditions and requirements for engaging sub-processors

10. Data Subject Rights: Procedures for handling data subject requests and processor's assistance obligations

11. Data Breach Notification: Procedures and timeframes for reporting data breaches

12. Audit Rights: Controller's rights to audit processor's compliance

13. Cross-border Transfers: Requirements and safeguards for international data transfers

14. Term and Termination: Duration of the DPA and termination provisions

15. Return or Deletion of Data: Obligations regarding personal data upon termination

16. Governing Law and Jurisdiction: Confirmation of UAE law application and jurisdiction

Optional Sections

1. Industry-Specific Requirements: Additional requirements for specific sectors (e.g., healthcare, financial services)

2. Data Protection Impact Assessment: Procedures for conducting DPIAs when required

3. Insurance Requirements: Specific insurance obligations for data protection

4. Joint Controller Provisions: Additional provisions when parties act as joint controllers

5. Processor Personnel: Specific requirements for processor's staff access and training

6. Business Continuity: Requirements for maintaining business continuity and disaster recovery

7. Costs and Compensation: Allocation of costs for compliance activities and data subject requests

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes

2. Schedule 2 - Technical and Organizational Measures: Detailed security measures and controls implemented by the processor

3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities

4. Schedule 4 - Transfer Mechanisms: Details of mechanisms used for international data transfers

5. Schedule 5 - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches

6. Appendix A - Contact Details: Key contacts for data protection matters, including DPO details if applicable

7. Appendix B - Standard Contractual Clauses: If applicable, approved standard contractual clauses for international transfers

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Addendum
Applicable Data Protection Law
Controller
Cross Border Transfer
Data Breach
Data Protection Impact Assessment
Data Protection Officer
Data Subject
Data Subject Request
Executive Regulations
Federal Data Protection Law
Personal Data
Processing
Processor
Restricted Transfer
Security Measures
Sensitive Personal Data
Services Agreement
Standard Contractual Clauses
Sub-processor
Supervisory Authority
Technical Measures
Organizational Measures
UAE Data Office
Processing Instructions
Authorized Personnel
Confidential Information
Data Protection Requirements
Processing Records
Security Controls
Third Party
Transfer Mechanism
Contract Term
Governing Law
Implementation Date
Jurisdiction
Main Agreement
Notice Period
Processing Location
Security Incident
Clauses
Interpretation
Scope
Processing Instructions
Processor Obligations
Controller Obligations
Technical and Organizational Measures
Security Requirements
Sub-processing
Confidentiality
Data Subject Rights
Cross-border Transfers
Audit Rights
Data Breach Notification
Liability
Indemnification
Insurance
Term and Termination
Data Return and Deletion
Regulatory Compliance
Governing Law
Dispute Resolution
Force Majeure
Assignment
Severability
Entire Agreement
Variation
Notices
Third Party Rights
Counterparts
Authority
Warranties
Records and Documentation
Personnel Requirements
Cooperation
Emergency Measures
Relevant Industries

Technology

Healthcare

Financial Services

E-commerce

Education

Telecommunications

Professional Services

Manufacturing

Retail

Insurance

Government Services

Hospitality

Transportation and Logistics

Relevant Teams

Legal

Compliance

Information Security

IT

Risk Management

Procurement

Privacy

Data Protection

Vendor Management

Information Governance

Operations

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Chief Information Security Officer

Privacy Counsel

Compliance Manager

Information Security Manager

Legal Counsel

IT Director

Risk Manager

Procurement Manager

Contract Manager

Chief Technology Officer

Chief Legal Officer

Data Protection Manager

Vendor Management Officer

Industries
Federal Decree Law No. 45 of 2021: The UAE's Personal Data Protection Law - This is the primary federal law governing personal data protection in the UAE, establishing requirements for processing personal data, data subject rights, and obligations of data controllers and processors.
Executive Regulations of Federal Decree Law No. 45 of 2021: Detailed implementation regulations for the Personal Data Protection Law, providing specific requirements for compliance, data processing mechanisms, and security measures.
Federal Decree Law No. 44 of 2021: Establishment of the UAE Data Office (UAEDO) - Relevant as it establishes the regulatory authority responsible for monitoring data protection compliance.
UAE Federal Law No. 5 of 2012: Cybercrime Law - Contains provisions relevant to data security and cybercrime prevention that must be considered in data processing arrangements.
Federal Law No. 2 of 2019: Concerning the Use of ICT in Healthcare - Specific requirements for processing health-related data if applicable to the data processing context.
DIFC Data Protection Law No. 5 of 2020: While specific to Dubai International Financial Centre, this law often serves as a reference point for best practices in data protection within the UAE.
Central Bank Regulation on Digital Payment Services and Systems: Relevant if the data processing involves financial data or payment systems, establishing specific requirements for financial data processing.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Joint Controller Agreement

A UAE law-compliant agreement establishing responsibilities and obligations between parties jointly controlling personal data processing activities.

find out more

Data Processing Addendum

A UAE law-compliant agreement establishing terms for personal data processing between controllers and processors under Federal Decree Law No. 45 of 2021.

find out more

Data Sharing Agreement Controller To Processor

UAE-law governed agreement establishing terms for processing personal data between a Controller and Processor, compliant with Federal Decree-Law No. 45/2021.

find out more

Controller To Controller Data Processing Agreement

UAE-law governed agreement establishing data sharing arrangements between two independent data controllers, compliant with Federal Decree Law No. 45 of 2021.

find out more

Intercompany Data Processing Agreement

UAE-law governed agreement regulating personal data processing between affiliated companies, ensuring compliance with UAE Federal Decree Law No. 45 of 2021.

find out more

Controller To Controller DPA

UAE-governed Controller to Controller DPA establishing framework for personal data sharing between independent controllers under Federal Decree-Law No. 45/2021.

find out more

DPA Agreement

UAE-compliant Data Processing Agreement establishing terms for personal data processing between controller and processor under Federal Decree-Law No. 45/2021.

find out more

Third Party Data Processing Agreement

UAE-law governed agreement regulating personal data processing activities between a controller and processor, compliant with Federal Decree Law No. 45 of 2021.

find out more

Personal Data Transfer Agreement

UAE-compliant agreement template for cross-border personal data transfers, aligned with Federal Decree-Law No. 45/2021 and free zone regulations.

find out more

Controller Processor Agreement

A UAE-compliant agreement governing data processing activities between controllers and processors under Federal Decree-Law No. 45/2021.

find out more

Affiliate Addendum

UAE-governed addendum defining affiliate marketing relationships, commission structures, and compliance requirements under UAE law.

find out more

Data Privacy Addendum

A legal addendum ensuring compliance with UAE data protection laws and regulations, establishing data processing rights and obligations between parties.

find out more

Sub Processing Agreement

UAE-governed Sub Processing Agreement establishing terms for outsourced data processing activities in compliance with UAE Federal Decree Law No. 45 of 2021.

find out more

International Data Transfer Agreement

UAE-compliant International Data Transfer Agreement governing cross-border personal data transfers under Federal Decree-Law No. 45/2021.

find out more

Data Protection Addendum

A legal addendum ensuring compliance with UAE federal and free zone data protection laws, establishing data processing rights and obligations between parties.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.