It should be noted that the erasure of personal data must be carried out safely in accordance with the security requirements set out in section 32. The RGPD is very specific with respect to the tasks of the processing manager and subcontractor, and Article 28, paragraph 3, of the RGPD stipulates that there must be a written contract between the person in charge of the processing and the subcontractor, in which the purpose of the processing and its duration, as well as its nature and nature, the nature of the personal data , the nature of personal data, the nature of personal data, are clearly explained. , specific categories of data, as well as the obligations and rights of both parties. 5.1 The subcontractor has no right to make (or pass on) a subcontractor, unless necessary or approved by the company. With regard to international data transfers, Privacy Shield is an authorized solution as personal data from the EEA arrives in the United States, but if data is transferred across many borders, other solutions, such as standard contractual clauses approved by the European Commission or binding business rules, may be more appropriate. In accordance with Article 28, paragraph 3, point h), the agreement must require: the recruitment of experienced legal advisors can help you meet the requirements of the RGPD in order to understand all the risks associated with the development or negotiation of a data processing agreement in accordance with the RGPD. Fines for non-compliance can be in the millions of dollars. Choose a law firm with expertise in RGPD and technology transactions. For more details, you can read the ProtonMail data processing agreement or the generic model of data processing agreements that we have made available on this site. 2019-02-12 – The handling of sensitive personal data can be a sensitive issue. The RGPD more or less clearly defines areas of technical and organizational competence. There are several provisions for data processing agreements.
However, these regulations are formulated in a theoretical context. Their practical application may leave some aspects obscure. Have you ever wondered if your work case requires a Dpa or not? We present five cases that do not require Dpa, although at first glance it looks like this. When a subcontractor acts outside the instructions of the treatment manager to decide the purpose and means of treatment, he is considered responsible for the treatment of that treatment and assumes the same responsibility as a person responsible for the treatment.