1. Data Security Obligations

• Explicit clause requiring the Data Processor to implement technical and organizational measures (TOMs) aligned with the Fiduciary’s standards.
• Examples: encryption, access control, network security.

2. Compliance with Applicable Laws

• Include a clause requiring the Processor to comply with the Digital Personal Data Protection Act, 2023, and any other sector-specific security norms.

3. Confidentiality

• Bind employees, agents, and subcontractors of the Processor with strict confidentiality obligations through NDAs or internal policies.

4. Right to Audit & Inspect

• Grant the Data Fiduciary the right to audit or appoint third-party auditors to inspect the Processor’s security posture and data handling practices.

5. Data Breach Notification Clause

• Define timelines (e.g., within 24 hours) and methods for the Processor to notify the Fiduciary about any suspected or actual data breach.

6. Sub-processing Control

• Require prior written consent from the Data Fiduciary before engaging sub-processors, with back-to-back data protection obligations in place.

7. Return or Erasure of Data

• Mandate secure return or deletion of personal data at the end of the contract or upon request, following verifiable deletion protocols.

8. Indemnity & Liability

• Clearly outline liabilities in the event of non-compliance, breach, or negligence, and include an appropriate indemnification clause.