All Countries
Data Privacy
Data Addendum

Data Addendum Template for Ireland

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Data Addendum

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Data Addendum

"I need a Data Addendum for our new cloud service provider based in the US, to be effective from January 2025, that covers international data transfers and includes specific security requirements for handling customer data from our Irish operations."

Celebrated by
Collaborations with
Investors
Document background
The Data Addendum is essential for organizations operating under Irish jurisdiction that engage in personal data processing activities. This document is typically used when a primary service agreement requires supplementation with specific data protection terms, or when existing data processing terms need updating to ensure GDPR compliance. The Data Addendum addresses key requirements under Irish data protection law and the GDPR, including processor obligations, security measures, international transfers, and breach notification procedures. It is particularly relevant for Irish-based companies and multinational organizations processing EU residents' data, especially given Ireland's role as a key jurisdiction for many international tech companies' European operations. The document should be customized based on the specific processing activities, data types involved, and whether international transfers are contemplated.
Suggested Sections

1. Parties: Identification of the parties and their roles (data controller, data processor, or joint controllers)

2. Background: Context of the addendum, reference to the main agreement, and purpose of data processing activities

3. Definitions: Key terms used in the addendum, aligned with GDPR definitions and any additional specific terms

4. Scope and Purpose: Detailed description of the data processing activities covered by the addendum

5. Data Protection Obligations: Core obligations of both parties under GDPR and Irish data protection law

6. Technical and Organizational Measures: Security measures required to ensure appropriate level of data protection

7. Sub-processing: Conditions and requirements for engaging sub-processors

8. Data Subject Rights: Procedures for handling data subject requests and ensuring compliance with GDPR rights

9. Data Breach Notification: Procedures and timeframes for reporting and handling data breaches

10. Audit Rights: Controller's right to audit and processor's obligation to demonstrate compliance

11. Term and Termination: Duration of the addendum and obligations upon termination

12. Return or Deletion of Data: Requirements for handling personal data after service completion or termination

13. Governing Law and Jurisdiction: Confirmation of Irish law application and jurisdiction

Optional Sections

1. International Data Transfers: Required when personal data will be transferred outside the EEA, including transfer mechanisms and safeguards

2. Special Categories of Data: Additional requirements when processing sensitive personal data under Article 9 GDPR

3. Joint Controller Arrangements: Required when parties are acting as joint controllers, detailing shared responsibilities

4. Data Protection Impact Assessment: Procedures for conducting DPIAs when required by the processing activities

5. Records of Processing: Specific requirements for maintaining processing records beyond standard GDPR requirements

6. Processor Personnel: Specific requirements for staff training, confidentiality, and access controls

7. Insurance Requirements: Specific insurance obligations related to data protection risks

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of processing activities including categories of data subjects, types of personal data, and processing purposes

2. Schedule 2 - Technical and Organizational Measures: Detailed security measures implemented to protect personal data

3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities

4. Schedule 4 - Transfer Mechanisms: Standard Contractual Clauses or other transfer mechanisms for international transfers

5. Schedule 5 - Data Breach Response Plan: Detailed procedures and contact information for data breach response

6. Appendix A - Contact Details: Key contacts for data protection matters, including Data Protection Officers if appointed

7. Appendix B - Security Incident Report Form: Template for reporting security incidents and data breaches

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Laws
Authorized Personnel
Confidential Information
Controller
Data Protection Impact Assessment
Data Protection Laws
Data Subject
Data Subject Request
EEA
EU
GDPR
Irish Data Protection Act
Personal Data
Personal Data Breach
Processing
Processor
Restricted Transfer
Security Incident
Services
Special Categories of Personal Data
Standard Contractual Clauses
Sub-processor
Supervisory Authority
Technical and Organizational Measures
Third Country
Transfer Mechanism
Transfer Impact Assessment
DPC
Joint Controller
Records of Processing
Data Protection Officer
Cross-border Processing
Binding Corporate Rules
Data Minimization
Privacy by Design
Privacy by Default
Data Protection Fee
Appropriate Technical Measures
Appropriate Organizational Measures
Relevant Industries

Technology

Financial Services

Healthcare

E-commerce

Telecommunications

Professional Services

Cloud Computing

Software Development

Digital Marketing

Education

Insurance

Banking

Consulting

Retail

Manufacturing

Pharmaceutical

Relevant Teams

Legal

Compliance

Information Technology

Information Security

Privacy

Risk Management

Procurement

Operations

Commercial

Data Protection

Information Governance

Vendor Management

Contract Management

Relevant Roles

Data Protection Officer

Privacy Counsel

Legal Counsel

Compliance Manager

Information Security Manager

IT Director

Chief Technology Officer

Chief Information Security Officer

Privacy Manager

Contract Manager

Procurement Manager

Risk Manager

Commercial Director

Operations Director

General Counsel

Chief Legal Officer

Data Protection Specialist

Information Governance Manager

Industries
General Data Protection Regulation (GDPR): The fundamental EU regulation governing personal data processing, directly applicable in Ireland. Sets out key principles, legal bases for processing, data subject rights, and obligations for controllers and processors.
Data Protection Act 2018: Irish national law that implements GDPR, provides for derogations allowed under GDPR, and establishes the Irish Data Protection Commission's powers and functions.
EU-US Data Privacy Framework: The current framework for EU-US data transfers, relevant for Irish companies transferring data to US entities, replacing the invalidated Privacy Shield.
ePrivacy Regulations 2011: Irish regulations implementing the EU ePrivacy Directive, covering electronic communications, cookies, and direct marketing requirements.
Data Protection Act 1988 and 2003: While largely superseded by GDPR and DPA 2018, these acts may still be relevant for historical data processing and certain legacy provisions.
Criminal Justice (Mutual Assistance) Act 2008: Relevant for international data transfers in law enforcement context and government access to data.
Standard Contractual Clauses (SCCs): EU Commission approved mechanisms for international data transfers, essential for Irish companies transferring data outside the EEA.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Gdpr Intercompany Agreement

Irish law-governed GDPR Intercompany Agreement for regulating personal data transfers and processing between group companies under Irish and EU data protection requirements.

find out more

Sub Processor Agreement

An Irish law-governed agreement establishing terms for delegated data processing activities between a processor and sub-processor, ensuring GDPR compliance.

find out more

Data Processing Agreement Addendum

An Irish law-governed addendum establishing GDPR-compliant terms for data processing activities between controllers and processors.

find out more

Third Party Processing Agreement

An Irish law-governed agreement establishing terms for third-party processing of personal data in compliance with GDPR and local data protection requirements.

find out more

Data Processing Contract

An Irish law-governed agreement establishing terms for personal data processing activities between a Data Controller and Data Processor, ensuring GDPR compliance.

find out more

Data Processing Addendum

An Irish law-governed Data Processing Addendum that establishes GDPR-compliant terms for personal data processing between controllers and processors.

find out more

Data Addendum

An Irish law-governed Data Addendum establishing GDPR-compliant data processing terms between controllers and processors.

find out more

Controller To Controller Agreement GDPR

Irish law Controller to Controller Agreement establishing GDPR-compliant data sharing framework between independent data controllers.

find out more

Data Sharing Agreement Controller To Processor

An Irish law-governed agreement establishing terms for personal data processing between a Controller and Processor, ensuring GDPR compliance.

find out more

Third Party Data Processing Agreement

An Irish law-governed Data Processing Agreement establishing GDPR-compliant terms between a data controller and processor.

find out more

Data Transfer Addendum

An Irish law-governed addendum that establishes compliant mechanisms for international personal data transfers under GDPR and Irish data protection laws.

find out more

Controller Processor Agreement

An Irish law-governed agreement establishing terms for processing personal data under GDPR, between a data controller and processor.

find out more

Order Processing Agreement

An Irish law-governed agreement establishing terms for order processing services, ensuring GDPR compliance and data protection requirements.

find out more

Data Protection Agreement For Employees

An Irish law-governed agreement establishing data protection protocols between employer and employee, ensuring GDPR compliance and proper handling of employee personal data.

find out more

Sub Processing Agreement

An Irish law-governed agreement between a data processor and sub-processor establishing terms for personal data processing in compliance with GDPR and Irish data protection legislation.

find out more

International Data Transfer Agreement

Irish law-governed agreement for compliant transfer of personal data from Ireland/EU to non-EEA countries, ensuring GDPR and local law compliance.

find out more

Data Transfer Agreement

An Irish law-governed agreement establishing terms for compliant transfer of personal data between organizations under GDPR and Irish data protection legislation.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.