Contract Data Processing Agreement

12.1.2 These CCA and all non-contractual or other obligations arising from or in connection are governed by the laws of the country or territory defined for this purpose in the agreement. What does my company need to do to ensure compliance? First, identify each relationship your company has with suppliers, customers, subcontractors or contractors, agents, resellers, distributors, etc., in which you provide them with personal data or in which you are dividing personal data. Second, for each of these relationships, identify whether you are the data manager or you are the data processor. Depending on the answer, you would like to agree on a slightly different data clause – as the data manager, you will inevitably want to transfer as many loads as possible to the data processor, but as the data manager, you want the processor to be fully responsible for compliance with the law. Finally, it is established that there is a written contract between the two parties. If there is an existing contract, you must accept a change to that contract (which, in principle, should not be a problem, as the other party should also be interested in amending the contract in order to comply with the RGPD). If you do not have an existing contract, you must enter into a written agreement to ensure that the agreement contains the necessary data clause. Depending on the timetable, you may be able to use the “standard clauses” published by the European Commission or the UK government. All contracts that you enter into that contain a personal data stream should include an appropriate data clause that corresponds to the RGPD. The appointment of a representative means that all data protection matters are addressed to that representative by individuals or data protection authorities, but the appointment of the representative does not affect the responsibility and responsibility of the person in charge of the processing or subcontractor according to the RGPD. According to faithful practice, RGPD-compliant contracts should include: who ensures that the data cannot be read, copied, modified or deleted without authorization during electronic transmission, including: 2.

The previous written contract between the data importer and the subprocesser also provides for a third-party clause, referred to in paragraph 3, where the person concerned is unable to benefit from the compensation provided in paragraph 1 of paragraph 6 against the exporter of data or the importer of data , because they have in fact disappeared, they no longer exist or have not become legally insolvent and no successor organization has assumed, by contract or by law, the full legal obligations of the data exporter or data importer. This liability of one-third of the subprocessor is limited to its own processing operations in accordance with the clauses. E. Data protection impact analyses and consultations with supervisory authorities. To the extent that we have reasonable information and you do not have access to the necessary information by other means, we will provide you with appropriate assistance in any data protection impact analysis and prior consultations with supervisory authorities or other data protection authorities, as far as EU data protection legislation requires. 4. The data exporter keeps a list of sub-processing agreements concluded under the clauses and communicated by the data importer in accordance with point 5, point j), and updated at least once a year. The list is subject to the data protection regulator of the data exporter. When the processor assigns processing activities to a subcontractor, it should only use processors with sufficient safeguards, including expertise, reliability and resources, to implement technical and organizational measures that meet the requirements of this regulation, including for processing security.