Term of Processing
Contract Type:
Generic Contract

The Processor shall process Personal Data on behalf of the Controller for the term of this Agreement.

Click to Copy


Here is a plain English explanation of the suggested Term of Processing clause:

- This clause is for a contract involving processing of personal data between a controller and processor.

- The processor is the party carrying out data processing services for the controller.

- Personal data means any information relating to an identified or identifiable person.

- The clause states the processor can process personal data on behalf of the controller during the term of the contract.

- It sets the permitted duration of data processing by the processor, which is for the full term of the overall contract.

- The processor cannot process the controller's personal data before or after the contract term, unless authorized separately.

- This seeks to protect personal data by limiting processing to the intended contract period.

In summary, this clause restricts the processor to only processing personal data for the controller during the term of their contract, defining the permissible data processing timeframe.

History of the clause (for the geeks)

Data protection law emerged in the 1970s as computer technology enabled unprecedented collection and use of personal information. Early statutes like Germany's Federal Data Protection Act focused on regulating government data processing.

The OECD issued guidelines advocating data protection principles like limiting collection and purpose.

By the 1990s, the EU passed the Data Protection Directive imposing standards for processing personal data across member states. It required appropriate security measures and legal justification for processing. The Directive introduced key data protection roles like controller and processor.

As technology advanced further, the EU General Data Protection Regulation (GDPR) updated and expanded data protection law from 2018. It placed heightened obligations on processors, requiring contracts that govern their services. Specific clauses became essential for allocating liability between controllers and processors.

Today, tailored data processing clauses are vital for legal compliance and risk management. They define duration, scope, security measures, sub-processing, and other aspects crucially impacting data protection. Modern data processing clauses balance enabling contracted services with safeguarding personal data rights.

In summary, data processing clauses evolved from early computer privacy laws to address emerging threats, finally becoming a regulated requirement for contracting parties handling personal data.