This document is a template for a Data Processing Agreement that establishes the relationship between a Company (the Data Controller) and a Data Processor. The agreement is drafted to comply with the EU General Data Protection Regulation (GDPR) and other relevant Data Protection Laws, with the aim of regulating the processing of personal data. The provisions include the Processor's obligations with respect to compliance with the law, data security, handling data breaches and data subject rights procedures. In addition, the rules for engaging Subprocessors, transfer of data outside the EEA and the Company's audit rights are set out.