Remember that the data processing agreement is a contract that governs how the data controller and the processor do business. If you are a data processor and there is a data protection breach, you should report it: First describe the purpose of the agreement. Indicate the parties involved and what the GDPR data processing agreement must obtain. (vi) assist the data controller in ensuring compliance with the requirements on the security of personal data, those requirements shall not apply only to undertakings established in the European Union. Any company that collects personal data (including IP address or geolocation) of EU citizens is expected to comply with the rules of the GDPR. 6.2. The processor will ensure that all staff members of the processor who are necessary to access personal data are informed of the confidentiality of personal data and the security procedures for processing or accessing personal data. 8.3. The data controller may object to this new processor for legitimate reasons related to data protection. In the event of a justified opposition, the parties negotiate in good faith to find an alternative solution.
If such an alternative solution cannot be found and the processor decides to continue with such a subcontractor, the data controller may terminate the contract with a period of 30 days. Neither party is considered to be contrary to the contract in the event of such termination. This helps to maintain the security and security of the data processed under the agreement and helps you comply with the GDPR. A data subject may be a data subject, a data controller and a data processor, depending on his or her relationship with a number of personal data. A company that acts primarily as a data processor will also often, in some ways, be a data controller. .