Skip to main content
← All templates
Data & Compliance

Common Paper Data Processing Agreement

A data processing agreement cover page and standard terms, based on Common Paper's standard form. Covers GDPR and data protection compliance, including processor/controller roles, data transfers, subprocessors, and security measures.

100 fields CC-BY-4.0 Common Paper
View on Common Paper

Fill this template

Claude Code

Ask Claude directly — the MCP connector handles everything:

Fill the common-paper-data-processing-agreement template for my company

CLI

npx open-agreements fill common-paper-data-processing-agreement -d values.json -o output.docx

Fields (100)

Parties

FieldTypeDescription
Company Name string Official company name

Service

FieldTypeDescription
Product Name string Name of product or service

Terms

FieldTypeDescription
Underlying Agreement string Name and date of the underlying agreement

Parties

FieldTypeDescription
Customer Contact Name string Customer contact name
Customer Contact Title string Customer contact title
Customer Address string Customer's physical address
Provider Contact Name string Provider contact name
Provider Contact Title string Provider contact title
Provider Address string Provider's physical address
Physical Address string Physical address for notifications
Contact Address string Email and/or physical address

Terms

FieldTypeDescription
Provider Role string Provider's role (Controller or Processor)

Privacy

FieldTypeDescription
Subprocessor Name string Subprocessor name

Terms

FieldTypeDescription
Custom Option string Custom option for selections
Custom Options string Multiple custom options
Url string URL for references

Privacy

FieldTypeDescription
Countries List string List of all countries for data transfers

Terms

FieldTypeDescription
Csa Reference string Common Paper CSA reference
Non Csa Reference string Non-CSA agreement reference

Privacy

FieldTypeDescription
Security Measures string Description of security measures

Terms

FieldTypeDescription
Text Box string General text box entry

Security

FieldTypeDescription
Other Security Certification string Name of additional security certification (e.g. "ISO 27701 Privacy Information Management")

Liability

FieldTypeDescription
Cap Multiplier string Liability cap multiplier
Greater Of Dollar string Dollar amount for the greater-of liability cap

Privacy

FieldTypeDescription
Policy Url string URL of where to find policies
Has Subprocessor boolean Set to true when a pre-approved subprocessor is specified.

Security

FieldTypeDescription
Dpa Security Reasonable Efforts boolean Set to true when Provider will use commercially reasonable efforts to secure the Service from unauthorized access.
Has Dpa Security Policy boolean Set to true when Provider has a Security Policy available at the specified policy_url.
Has Dpa Security Certifications boolean Set to true when Provider maintains annually updated security reports or certifications.
Cert Iso 27001 boolean Set to true when Provider holds ISO 27001 certification.
Cert Penetration Testing boolean Set to true when Provider performs regular penetration testing.
Cert Soc2 Type1 boolean Set to true when Provider holds SOC 2 Type I certification.
Cert Pci Level1 boolean Set to true when Provider holds PCI Level 1 certification.
Cert Soc2 Type2 boolean Set to true when Provider holds SOC 2 Type II certification.
Cert Pci Level2 boolean Set to true when Provider holds PCI Level 2 certification.
Cert Hipaa boolean Set to true when Provider holds HIPAA certification.
Cert Fedramp boolean Set to true when Provider holds FedRAMP Authorization.
Cert Other boolean Set to true to include an additional security certification. Specify the certification in other_security_certification.

Liability

FieldTypeDescription
Indemnification Csa Reference boolean Set to true when using Common Paper CSA-style indemnification reference for DPA Covered Claims.
Indemnification Non Csa Reference boolean Set to true when using non-CSA indemnification language for DPA Covered Claims.
Cap Csa Reference boolean Set to true when using CSA-style Increased Claim cap for DPA Covered Claims.
Cap Non Csa Reference boolean Set to true when using non-CSA liability cap language for DPA Covered Claims.

Privacy

FieldTypeDescription
Has Eea Transfers boolean Set to true when EEA data transfer mechanisms are specified.
Has Uk Transfers boolean Set to true when UK data transfer mechanisms are specified.
Data Subject End Users boolean Set to true when end users or customers are included as data subjects.
Data Subject Employees boolean Set to true when employees are included as data subjects.
Data Subject Custom boolean Set to true to include a custom data subject category. Specify in custom_option.
Pd Name boolean Set to true when Name is a category of personal data processed.
Pd Contact boolean Set to true when contact information (email, phone, address) is a category of personal data processed.
Pd Employment boolean Set to true when employment information (employee ID, compensation) is a category of personal data processed.
Pd Financial boolean Set to true when financial information (bank account numbers) is a category of personal data processed.
Pd Professional boolean Set to true when professional or biographic information (resume, CV) is a category of personal data processed.
Pd Transactional boolean Set to true when transactional information (account info, purchases) is a category of personal data processed.
Pd User Activity boolean Set to true when user activity and analysis (device info, IP address) is a category of personal data processed.
Pd Location boolean Set to true when location information is a category of personal data processed.
Pd Custom boolean Set to true to include a custom personal data category. Specify in custom_option.

Security

FieldTypeDescription
Security Measures See Policy boolean Set to true when security measures reference the Security Policy.
Security Measures Custom boolean Set to true to include custom security measures. Specify in custom_option.

Privacy

FieldTypeDescription
Processing Continuous boolean Set to true when data processing is continuous.
Processing Frequency Custom boolean Set to true to specify a custom processing frequency. Specify in custom_options.
Pa Receiving boolean Set to true when receiving data (collection, accessing, retrieval) is a processing activity.
Pa Holding boolean Set to true when holding data (storage, organization, structuring) is a processing activity.
Pa Using boolean Set to true when using data (analysis, consultation, testing) is a processing activity.
Pa Updating boolean Set to true when updating data (correcting, adaptation, alteration) is a processing activity.
Pa Protecting boolean Set to true when protecting data (restricting, encrypting, testing) is a processing activity.
Pa Sharing boolean Set to true when sharing data (disclosure, dissemination) is a processing activity.
Pa Returning boolean Set to true when returning data to the data exporter or data subject is a processing activity.
Pa Erasing boolean Set to true when erasing data (destruction, deletion) is a processing activity.
Pa Custom boolean Set to true to include a custom processing activity. Specify in custom_options.

Security

FieldTypeDescription
Sm Pseudonymization boolean Set to true when pseudonymization and encryption of personal data is a security measure.
Sm Confidentiality boolean Set to true when ensuring ongoing confidentiality, integrity, availability, and resilience is a security measure.
Sm Restore boolean Set to true when ability to restore availability and access after incidents is a security measure.
Sm Testing boolean Set to true when regular testing and evaluation of security measures is a security measure.
Sm User Auth boolean Set to true when user identification and authorization process protection is a security measure.
Sm Transit boolean Set to true when protecting personal data during transmission (in transit) is a security measure.
Sm Storage boolean Set to true when protecting personal data during storage (at rest) is a security measure.
Sm Physical boolean Set to true when physical security of processing locations is a security measure.
Sm Logging boolean Set to true when events logging is a security measure.
Sm Config boolean Set to true when systems configuration and default configuration is a security measure.
Sm Governance boolean Set to true when internal IT and IT security governance and management is a security measure.
Sm Certification boolean Set to true when certification or assurance of processes and products is a security measure.
Sm Minimization boolean Set to true when data minimization is a security measure.
Sm Quality boolean Set to true when ensuring data quality is a security measure.
Sm Retention boolean Set to true when ensuring limited data retention is a security measure.
Sm Accountability boolean Set to true when ensuring accountability is a security measure.
Sm Portability boolean Set to true when allowing data portability and ensuring erasure is a security measure.

Signature Block

FieldTypeDescription
Provider Signatory Type enum Whether the Provider signatory is an entity or individual
Provider Signatory Name string Full legal name of the Provider's signatory
Provider Signatory Title string Title/role of the Provider's signatory (entity only)
Provider Signatory Company string Company name for the Provider signatory (entity only)
Customer Signatory Type enum Whether the Customer signatory is an entity or individual
Customer Signatory Name string Full legal name of the Customer's signatory
Customer Signatory Title string Title/role of the Customer's signatory (entity only)
Customer Signatory Company string Company name for the Customer signatory (entity only)

Browse all templates

42 free contract templates for NDAs, employment agreements, SAFEs, financing documents, and more.

View all templates →