Gdpr Compliant Data Processing Agreement Template
kenty9x | December 9, 2020 | 0Twitter`s data processing agreement is a useful example. Twitter says it stands ready to provide you with “appropriate cooperation and support with regard to your obligations regarding law enforcement requests, data protection violations, the rights of the persons concerned and requests from the supervisory authorities”: if the person in charge of the processing remains responsible for granting these rights to consumers, this should be specified in the RGPD data processing agreement. The same applies when the responsibility lies with the data processor. The processor may also require the data processor to comply with these requirements, if necessary. Note that many of the RGPD`s data processing contract requirements are included in this list, such as the subcontractor requirement. B to follow the instructions of the processing manager and inform the person in charge of the treatment if any of these instructions are contrary to the data protection law. Using the RGPD requirements as a guide to this section can be helpful in ensuring that both parties remain compliant. Under section 28 of the RGPD, processors and data processors must enter into a “data processing agreement” in writing, including electronic form. More information about the requirements can be found in our RGPD offline Compliance Duties article. As you can see, a data processing agreement is not just necessary for each company to order data processing services. It is also prescribed by law and enforceable.
Note that the setting of subprocessors is allowed after the general written consent of the processor. Such a written agreement can be entered into the data processing contract. The data processor takes appropriate steps to ensure that it is possible to review and determine where personal data is intended to be transferred through a data transmission system, so that personal data cannot be read, copied, modified or deleted without authorization during electronic transmission or transport. Not only is a data processing agreement specifically mentioned in the law, processors are required to cooperate with data processors who can provide assurance that they are in compliance with the RGPD. The RGPD requires that all data processing, carried out by a data processor on behalf of a processing manager, be carried out under a written contract. 13.1. At the expiry of the contract, the data manager (at the data manager`s choice) must destroy or return to the data manager all data in his possession or control. The processing manager reserves the right to delete personal data from all locations after 90 days if the processing manager has not chosen either option. This requirement does not apply to the extent that current legislation requires the processor to retain some or all of the data.
Recent Comments