Section 32 sets out the security requirements for processing managers and subcontractors to protect the rights and safety of their persons. These security measures are outlined in the RGPD guidelines on appropriate data processing agreements. (C) The parties are working to implement a data processing agreement in line with the requirements of the current legal framework for data processing and the 2016/679 European Parliament and Council 27 April 2016 on the protection of individuals in the processing of personal data and the free movement of personal data and repealing Directive 95/46/EC (General Data Protection Regulation). Both processors and subcontractors must ensure the secure storage and processing of information, including: compliance with the RGPD requires the feders to sign a data processing agreement with all parties acting on their behalf as data processors. If you need some definitions of these terms, you can find them in our article “What is the RGPD,” but as a general rule, a data processor is another company you use to help you store, analyze or communicate personal information. For example, if you are a health insurance fund and you share customer information via encrypted emails, this encrypted messaging service is a data processor. Or if you use Matomo to analyze traffic on your site, Matomo would also be a data editor. The EU`s general data protection regulation is more serious about contracts than previous EU data protection rules. If your organization is subject to the RGPD, you must have a written data processing agreement with all data processors.

Yes, a data processing agreement is boring paperwork. But it is also one of the most fundamental steps of RGPD compliance and necessary to avoid RGPD sanctions. A few simple steps help the company meet its obligations in contracts with third parties and reduce the risks associated with the misuse of data by third parties. In addition, data protection authorities must include specific requirements for subcontractors: a data processing contract is a legally binding contract that establishes each party`s rights and obligations to protect personal data (see “What is the personal data?”). Article 28 of the RGPD relates to data processing agreements covered in section 3: This guide serves as an introduction to data processing agreements – what they are, why they are important, who they are and what they have to say. You can also follow the link to find a RGPD data processing model that you can download, customize and use for your business. The short answer is “yes.” The processing managers are responsible for compliance with the law by all third-party developers they use, so your contract with a processing manager as a subcontractor covers compliance with the RGPD. Data protection cannot be documented as another construction clause in agreements between the parties. On the contrary, they must be separate and specific agreements (or additions to the main agreement). This balance gives each party a certain degree of responsibility for the other, which occurs lifeless, without the other`s knowledge. In essence, a CCA is a form of assurance that the subcontractor performs its duty of care to ensure the privacy of personal data. Yes, for example.

B a controller and processor contract a privacy notice and the processor is in breach, the data protection authority could restrict the responsibility of the person in charge of handling the breaches. Given that the EU`s general data protection regulation is still in force for some time and that its concepts of “controller” and “processor” are still in force much longer, it seems that there is an established practice for identifying third parties and where they fit into this image.