onTerms.org
The data-protection module

When a deal touches personal data, the terms are already written.

onDPA is the module you add whenever an order processes personal data. It supplies standardized controller and processor terms in the shape GDPR Article 28 requires, so you are not drafting a data processing agreement from a blank page for every counterparty. You add it to the order, fill in a few structured details, and the obligations are set.

Standardized terms, not a fresh negotiation

A data processing agreement is usually re-papered for every relationship: the same obligations, reworded, re-argued, and re-checked each time. onDPA replaces that with one fixed body of terms that both sides can read and trust on sight.

It works exactly like the rest of onTerms. It is incorporated into your order by reference and pinned by content hash, so the data-protection terms in your deal are the exact published text, locked at the moment you sign. Nothing drifts afterward, and a counterparty can recompute the hash over the published text and confirm the match for free.

  • One body of data-protection terms, read the same way by every counterparty.
  • Pinned by content hash, so the deal locks to the exact published text.
  • Pairs with CORE and your sector module under one shared dictionary.

What it covers

The full set of processor duties you would expect in a serious data processing agreement, fixed in standard form so they cannot be quietly watered down.

Controller and processor terms
Article 28 style processing terms, written once and held in common. The processor acts on documented instructions, keeps staff under confidentiality, and assists with data-subject requests and breach handling.
A security floor
A baseline of technical and organizational measures that cannot be weakened. You can elect a stricter assurance level, from a low-cost UK baseline up to independent audit, and that choice becomes a binding commitment.
Sub-processor handling
General authorization with an up-to-date list, advance notice of any change, a data-protection objection right by default, and the processor staying fully responsible for anyone it brings in.
Breach notification
A maximum notice window for telling the controller about a personal-data breach, with enough detail for the controller to meet its own notification duties. The window is a ceiling. A stricter one always wins.
Return and deletion on exit
At the end of the engagement the processor deletes or returns the personal data within a chosen window, with the narrow, lawful exceptions you would expect.
International transfers
Move data across borders only with an appropriate safeguard in place. The transfer mechanism is an election, so the order itself records which one applies.

Transfers handled by annexes you fill in

Moving personal data across borders needs an approved safeguard. onDPA carries the standard mechanisms, including UK and EU contractual clauses, plus support for a recognized framework that covers transfers to a qualifying US recipient.

You do not draft those clauses. onDPA provides structured annex templates for the processing details, the security measures, and the sub-processor list, and you fill in the specifics for your deal. The standard clauses then come pre-attached. New annex templates and the framework-based transfer route are included in the module.

Annex A: Processing details

Subject matter, duration, the nature and purpose of processing, the data types, and the categories of people involved.

Annex B: Security measures

The baseline technical and organizational measures, mapped to the assurance level you elect.

Annex C: Sub-processors

Each sub-processor by name, service, location, and the safeguard that covers any transfer.

A small set of bounded choices

The negotiable surface is a short list of typed, range-bounded elections. You pick within the allowed set, and a verifier can confirm at a glance that every choice is in range. Each election can only tighten the standard, never weaken it.

  • Breach notice window, from a standard delay down to 24 hours.
  • Security assurance level, from an accessible UK baseline up to independent audit.
  • Deletion window at exit: 30, 60, or 90 days.
  • Sub-processor objection right, on by default.
  • International transfer mechanism, required whenever UK or EU law governs the order.
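
The two mechanical checks described on this page, content-hash pinning of the module text and range-checking the elections so they can only tighten, are easy to demonstrate. The block below is an added example written for this page, not onTerms' own code: the module text is a short constructed stand-in, and the election identifiers, the 72-hour standard breach window, the two assurance-level names and the three transfer-mechanism labels are assumed values, not the published ones.

```python
"""Added example, not onTerms' own code: pin a module's text into an order by
content hash, then check that every election is in range and only tightens.
Module text, field names and the specific values below are constructed."""
import hashlib
import unicodedata

# Constructed stand-in for a published module; the real onDPA text is not reproduced.
PUBLISHED_DPA_TEXT = (
    "onDPA (constructed sample)\n"
    "1. The Processor processes Personal Data only on documented instructions.\n"
    "2. The Processor notifies the Controller of a Personal Data Breach within\n"
    "   the elected notice window.\n"
)


def canonical_hash(text: str) -> str:
    """Hash the module text after normalising line endings, Unicode form and
    trailing newlines, so a verifier on any platform gets the same digest."""
    norm = unicodedata.normalize("NFC", text.replace("\r\n", "\n")).rstrip("\n") + "\n"
    return "sha256:" + hashlib.sha256(norm.encode("utf-8")).hexdigest()


def pin_module(module_id: str, text: str) -> dict:
    """The reference embedded in an order: module identifier plus content hash."""
    return {"module": module_id, "hash": canonical_hash(text)}


def verify_pin(pin: dict, text_received: str) -> bool:
    """A counterparty recomputes the digest over the text it was handed and
    compares it with the pinned one; any change in wording fails the check."""
    return pin["hash"] == canonical_hash(text_received)


# Election schema. The shape follows the page; the figures are assumptions.
STANDARD_BREACH_NOTICE_HOURS = 72            # assumed standard delay (the ceiling)
MIN_BREACH_NOTICE_HOURS = 24                 # the page's floor
ASSURANCE_LEVELS = ["uk_baseline", "independent_audit"]  # weakest to strictest, hypothetical names
DELETION_WINDOWS_DAYS = (30, 60, 90)
TRANSFER_MECHANISMS = {"uk_clauses", "eu_clauses", "us_framework"}  # hypothetical labels
DEFAULTS = {
    "breach_notice_hours": STANDARD_BREACH_NOTICE_HOURS,
    "assurance_level": "uk_baseline",
    "deletion_window_days": 90,
    "subprocessor_objection_right": True,
    "transfer_mechanism": None,
}


def validate_elections(elections: dict, governing_law: str) -> list:
    """Return a list of problems; an empty list means every election is within
    its allowed set and none weakens the standard below the default."""
    merged = {**DEFAULTS, **elections}
    errors = []
    unknown = set(elections) - set(DEFAULTS)
    if unknown:
        errors.append(f"unknown elections: {sorted(unknown)}")
    hours = merged["breach_notice_hours"]
    if not (isinstance(hours, int)
            and MIN_BREACH_NOTICE_HOURS <= hours <= STANDARD_BREACH_NOTICE_HOURS):
        errors.append(f"breach_notice_hours {hours!r} outside "
                      f"{MIN_BREACH_NOTICE_HOURS}..{STANDARD_BREACH_NOTICE_HOURS}")
    if merged["assurance_level"] not in ASSURANCE_LEVELS:
        errors.append(f"assurance_level {merged['assurance_level']!r} not in {ASSURANCE_LEVELS}")
    if merged["deletion_window_days"] not in DELETION_WINDOWS_DAYS:
        errors.append(f"deletion_window_days {merged['deletion_window_days']!r} "
                      f"not one of {DELETION_WINDOWS_DAYS}")
    # Switching the objection right off would weaken the standard, so it is rejected.
    if merged["subprocessor_objection_right"] is not True:
        errors.append("subprocessor_objection_right cannot be switched off")
    mechanism = merged["transfer_mechanism"]
    if governing_law in ("UK", "EU") and mechanism is None:
        errors.append("transfer_mechanism required under UK/EU governing law")
    if mechanism is not None and mechanism not in TRANSFER_MECHANISMS:
        errors.append(f"transfer_mechanism {mechanism!r} not in {sorted(TRANSFER_MECHANISMS)}")
    return errors


def build_order(elections: dict, governing_law: str) -> dict:
    """Assemble the order fragment a counterparty would verify, refusing any
    election that is out of range."""
    problems = validate_elections(elections, governing_law)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "governing_law": governing_law,
        "modules": [pin_module("onDPA", PUBLISHED_DPA_TEXT)],
        "elections": {**DEFAULTS, **elections},
    }


if __name__ == "__main__":
    order = build_order({"breach_notice_hours": 24, "deletion_window_days": 30,
                         "transfer_mechanism": "eu_clauses"}, "EU")
    print(order["modules"][0])
    print("pin verifies:", verify_pin(order["modules"][0], PUBLISHED_DPA_TEXT))
    print("drift detected:", not verify_pin(order["modules"][0],
                                            PUBLISHED_DPA_TEXT.replace("documented", "any")))
```

The hash is computed over a canonical form (NFC, LF line endings, one trailing newline) so that a copy that has only been re-saved on a different platform still verifies, while a one-word change in the obligations does not. Because every default is the weakest allowed value, "can only tighten" reduces to a range check on each field, which is what makes the elections machine-checkable at a glance.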

It does not stand alone

Pairs with CORE
CORE is the spine of every deal. onDPA sits on top of it and inherits the same liability and precedence rules, with the carve-outs data-protection law requires.
Pairs with your sector module
Add it alongside the module for your trade, such as SaaS or Creator. It is pulled in automatically whenever that deal involves personal data.
One shared dictionary
Controller, Processor, Personal Data, and the rest mean exactly one thing across every module in the deal. No second definition waiting to surface in a dispute.

What it is
Standardized terms and annex templates
  • A fixed, incorporable body of controller and processor terms.
  • Structured annex templates you fill in, with the standard clauses attached.
  • Bounded, machine-checkable elections for the few choices a deal needs.

What it is not

Not legal advice

onDPA gives you standardized terms and annex templates. It does not give you legal advice and it is not a substitute for your own data-protection counsel. You decide whether the terms fit your situation, what to elect, and how to complete the annexes.

Treat it as a strong, common starting point that removes the drafting work, not as sign-off on your specific processing.

Add data protection without drafting a thing.

Reference onDPA, fill in the annexes, and the deal carries proper controller and processor terms. Read and verify it for free, and pay only when you sign.