data-compliance

Common Paper Data Processing Agreement

A data processing agreement cover page and standard terms, based on Common Paper's standard form. Covers GDPR and data protection compliance, including processor/controller roles, data transfers, subprocessors, and security measures.

100 fields | License: CC-BY-4.0 | Source: Common Paper

Fill this template

With Claude Code

Just ask Claude — no installation required:

Fill the common-paper-data-processing-agreement template for my company

With the CLI

npx -y open-agreements@latest fill common-paper-data-processing-agreement -d values.json -o output.docx

With the hosted MCP

Add to your MCP config for zero-install access to all templates:

{
  "mcpServers": {
    "open-agreements": {
      "url": "https://openagreements.ai/api/mcp"
    }
  }
}

Fields (100)

Field Type Description
company_name string Official company name
product_name string Name of product or service
underlying_agreement string Name and date of the underlying agreement
customer_contact_name string Customer contact name
customer_contact_title string Customer contact title
customer_address string Customer's physical address
provider_contact_name string Provider contact name
provider_contact_title string Provider contact title
provider_address string Provider's physical address
physical_address string Physical address for notifications
contact_address string Email and/or physical address
provider_role string Provider's role (Controller or Processor)
governing_law string Governing law state/province/country
eu_member_state string EU Member State for disputes
uk_governing_law string UK governing law selection
subprocessor_name string Subprocessor name
custom_option string Custom option for selections
custom_options string Multiple custom options
url string URL for references
countries_list string List of all countries for data transfers
csa_reference string Common Paper CSA reference
non_csa_reference string Non-CSA agreement reference
security_measures string Description of security measures
text_box string General text box entry
other_security_certification string Name of additional security certification (e.g. "ISO 27701 Privacy Information Management")
dpa_covered_claims_detail string Specific scope of DPA Covered Claims (e.g., breach of DPA, gross negligence resulting in Security Incident)
cap_multiplier string Liability cap multiplier
greater_of_dollar string Dollar amount for the greater-of liability cap
policy_url string URL of where to find policies
has_subprocessor boolean Set to true when a pre-approved subprocessor is specified.
dpa_security_reasonable_efforts boolean Set to true when Provider will use commercially reasonable efforts to secure the Service from unauthorized access.
has_dpa_security_policy boolean Set to true when Provider has a Security Policy available at the specified policy_url.
has_dpa_security_certifications boolean Set to true when Provider maintains annually updated security reports or certifications.
cert_iso_27001 boolean Set to true when Provider holds ISO 27001 certification.
cert_penetration_testing boolean Set to true when Provider performs regular penetration testing.
cert_soc2_type1 boolean Set to true when Provider holds SOC 2 Type I certification.
cert_pci_level1 boolean Set to true when Provider holds PCI Level 1 certification.
cert_soc2_type2 boolean Set to true when Provider holds SOC 2 Type II certification.
cert_pci_level2 boolean Set to true when Provider holds PCI Level 2 certification.
cert_hipaa boolean Set to true when Provider holds HIPAA certification.
cert_fedramp boolean Set to true when Provider holds FedRAMP Authorization.
cert_other boolean Set to true to include an additional security certification. Specify the certification in other_security_certification.
indemnification_csa_reference boolean Set to true when using Common Paper CSA-style indemnification reference for DPA Covered Claims.
indemnification_non_csa_reference boolean Set to true when using non-CSA indemnification language for DPA Covered Claims.
cap_csa_reference boolean Set to true when using CSA-style Increased Claim cap for DPA Covered Claims.
cap_non_csa_reference boolean Set to true when using non-CSA liability cap language for DPA Covered Claims.
has_dpa_governing_law boolean Set to true when DPA-specific governing law overrides the Agreement's governing law clause.
has_ccpa_terms boolean Set to true when California Consumer Privacy Act (CCPA) terms are included in the DPA.
has_eea_transfers boolean Set to true when EEA data transfer mechanisms are specified.
has_uk_transfers boolean Set to true when UK data transfer mechanisms are specified.
data_subject_end_users boolean Set to true when end users or customers are included as data subjects.
data_subject_employees boolean Set to true when employees are included as data subjects.
data_subject_custom boolean Set to true to include a custom data subject category. Specify in custom_option.
pd_name boolean Set to true when Name is a category of personal data processed.
pd_contact boolean Set to true when contact information (email, phone, address) is a category of personal data processed.
pd_employment boolean Set to true when employment information (employee ID, compensation) is a category of personal data processed.
pd_financial boolean Set to true when financial information (bank account numbers) is a category of personal data processed.
pd_professional boolean Set to true when professional or biographic information (resume, CV) is a category of personal data processed.
pd_transactional boolean Set to true when transactional information (account info, purchases) is a category of personal data processed.
pd_user_activity boolean Set to true when user activity and analysis (device info, IP address) is a category of personal data processed.
pd_location boolean Set to true when location information is a category of personal data processed.
pd_custom boolean Set to true to include a custom personal data category. Specify in custom_option.
security_measures_see_policy boolean Set to true when security measures reference the Security Policy.
security_measures_custom boolean Set to true to include custom security measures. Specify in custom_option.
processing_continuous boolean Set to true when data processing is continuous.
processing_frequency_custom boolean Set to true to specify a custom processing frequency. Specify in custom_options.
pa_receiving boolean Set to true when receiving data (collection, accessing, retrieval) is a processing activity.
pa_holding boolean Set to true when holding data (storage, organization, structuring) is a processing activity.
pa_using boolean Set to true when using data (analysis, consultation, testing) is a processing activity.
pa_updating boolean Set to true when updating data (correcting, adaptation, alteration) is a processing activity.
pa_protecting boolean Set to true when protecting data (restricting, encrypting, testing) is a processing activity.
pa_sharing boolean Set to true when sharing data (disclosure, dissemination) is a processing activity.
pa_returning boolean Set to true when returning data to the data exporter or data subject is a processing activity.
pa_erasing boolean Set to true when erasing data (destruction, deletion) is a processing activity.
pa_custom boolean Set to true to include a custom processing activity. Specify in custom_options.
sm_pseudonymization boolean Set to true when pseudonymization and encryption of personal data is a security measure.
sm_confidentiality boolean Set to true when ensuring ongoing confidentiality, integrity, availability, and resilience is a security measure.
sm_restore boolean Set to true when ability to restore availability and access after incidents is a security measure.
sm_testing boolean Set to true when regular testing and evaluation of security measures is a security measure.
sm_user_auth boolean Set to true when user identification and authorization process protection is a security measure.
sm_transit boolean Set to true when protecting personal data during transmission (in transit) is a security measure.
sm_storage boolean Set to true when protecting personal data during storage (at rest) is a security measure.
sm_physical boolean Set to true when physical security of processing locations is a security measure.
sm_logging boolean Set to true when events logging is a security measure.
sm_config boolean Set to true when systems configuration and default configuration is a security measure.
sm_governance boolean Set to true when internal IT and IT security governance and management is a security measure.
sm_certification boolean Set to true when certification or assurance of processes and products is a security measure.
sm_minimization boolean Set to true when data minimization is a security measure.
sm_quality boolean Set to true when ensuring data quality is a security measure.
sm_retention boolean Set to true when ensuring limited data retention is a security measure.
sm_accountability boolean Set to true when ensuring accountability is a security measure.
sm_portability boolean Set to true when allowing data portability and ensuring erasure is a security measure.
provider_signatory_type enum Whether the Provider signatory is an entity or individual
provider_signatory_name string Full legal name of the Provider's signatory
provider_signatory_title string Title/role of the Provider's signatory (entity only)
provider_signatory_company string Company name for the Provider signatory (entity only)
customer_signatory_type enum Whether the Customer signatory is an entity or individual
customer_signatory_name string Full legal name of the Customer's signatory
customer_signatory_title string Title/role of the Customer's signatory (entity only)
customer_signatory_company string Company name for the Customer signatory (entity only)
