1.1.4 “data protection laws” means your data protection legislation and, where applicable, the data protection legislation of another country; the contract (or any other legislative act) sets out the modalities of the processing, including: ☐ the processor must ensure that the persons processing the data are subject to an obligation of trust; ☐, the processor must delete all personal data at the end of the contract or return them to the controller (at the choice of the controller), and the processor must also delete existing personal data, unless the law requires their retention; and for more details, you can read the ProtonMail data processing agreement or read the generic model data processing agreement that we have made available on this website. 8. Data protection impact assessment and prior consultation The processor shall provide appropriate assistance to the company for all data protection impact assessments and prior consultations with supervisory authorities or other competent data protection authorities that the company deems reasonably necessary in accordance with Articles 35 or 36 of the GDPR or equivalent provisions of another protection law data selection. in any case, only with regard to the processing of the company`s personal data by and taking into account the nature of the processing and the information available to the subcontractors. This guide serves as an introduction to data processing agreements – what they are, why they are important, who they are and what they need to say. You can also follow the link to find a template for a GDPR data processing agreement that you can download, customize, and use for your business. Where a controller uses a processor to process personal data on his or her behalf, there must be a written contract between the parties. A subcontractor may not use the services of a subcontractor without the prior written or specific authorization of the controller. If an authorization is granted, the subcontractor must enter into a contract with the subcontractor. The contractual conditions relating to Article 28(3) must offer an equivalent level of protection for personal data as in the contract between the controller and the processor. Subcontractors remain responsible to the person responsible for the respect of the sub-transformers they have. ☐ taking into account the type of processing and the information available, the processor must assist the controller in the performance of its obligations relating to processing security, reporting of personal data protection breaches and data protection impact assessment; Where a processor uses another organisation (i.e. a processor) to assist it in processing personal data for a controller, it must enter into a written contract with that processor.
Processing by a processor is covered by a contract or other legal act under Union or Member State law, which binds the processor to the controller and defines the object and duration of the processing, the nature and purpose of the processing, the nature of the data and categories of data subjects and the obligations and rights of the controller. The term “treatment” appears in this article with disgusting frequency. In the definitions of the GDPR, processing essentially refers to everything you can do with a person`s personal data: collect, store, monetize, destroy, etc. Where a processor is entrusted with transformation activities, the controller should only use processors that offer sufficient guarantees, including expertise, reliability and resources, to take technical and organisational measures in accordance with the requirements of this Regulation, including the security of processing. Download our checklist to see if your controller processor agreements cover all the required points. As you may know, this website is operated by the encrypted email provider ProtonMail (and funded in part by the European Union`s Horizon 2020 programme). . . .