(f) at the request of the data exporter, to present its data processing services for the review of processing activities covered by the clauses, carried out by the data exporter or by a supervisory body composed of independent members and holding the required professional qualifications, which are related to a confidentiality obligation, possibly chosen by the data exporter , provided that the data exporter does so, if necessary, in agreement with the supervisory authority; We hope this blog will give you a good idea of what a data processing agreement should look like. However, we know that this is a complex issue and you may still have some outstanding issues. Outsourced processing: We host our service with outsourced cloud infrastructure providers. In addition, we have contractual relationships with suppliers to provide the service in accordance with our data protection authority. We rely on contractual agreements, confidentiality policies and compliance programs for suppliers to protect data processed or stored by these providers. What does my company need to do to ensure compliance? First, identify each relationship your company has with suppliers, customers, subcontractors or contractors, agents, resellers, distributors, etc., in which you provide them with personal data or in which you are dividing personal data. Second, for each of these relationships, identify whether you are the data manager or you are the data processor. Depending on the answer, you would like to agree on a slightly different data clause – as the data manager, you will inevitably want to transfer as many loads as possible to the data processor, but as the data manager, you want the processor to be fully responsible for compliance with the law. Finally, it is established that there is a written contract between the two parties. If there is an existing contract, you must accept a change to that contract (which, in principle, should not be a problem, as the other party should also be interested in amending the contract in order to comply with the RGPD). If you do not have an existing contract, you must enter into a written agreement to ensure that the agreement contains the necessary data clause. Depending on the timetable, you may be able to use the “standard clauses” published by the European Commission or the UK government.
All contracts that you enter into that contain a personal data stream should include an appropriate data clause that corresponds to the RGPD.