No Data Processing Agreement
What does my company need to do to ensure compliance? First, identify each relationship your company has with suppliers, customers, subcontractors or contractors, agents, resellers, distributors, etc., in which you provide them with personal data or in which you are dividing personal data. Second, for each of these relationships, identify whether you are the data manager or you are the data processor. Depending on the answer, you would like to agree on a slightly different data clause – as the data manager, you will inevitably want to transfer as many loads as possible to the data processor, but as the data manager, you want the processor to be fully responsible for compliance with the law. Finally, it is established that there is a written contract between the two parties. If there is an existing contract, you must accept a change to that contract (which, in principle, should not be a problem, as the other party should also be interested in amending the contract in order to comply with the RGPD). If you do not have an existing contract, you must enter into a written agreement to ensure that the agreement contains the necessary data clause. Depending on the timetable, you may be able to use the „standard clauses“ published by the European Commission or the UK government. All contracts that you enter into that contain a personal data stream should include an appropriate data clause that corresponds to the RGPD. However, depending on the severity and nature of the injury, there are two levels of fines. Fines imposed on the RGPD for breaches of data processors are generally covered by the first stage, whose guidelines can be as serious as 10 million euros or 2% of global turnover. In any case, it is much less painful to sign a data processing agreement and to comply with the terms than to pay a penalty from the RGPD. We hope this guide will help. Other easy-to-digest helps for RGPD compliance can be accessed in our RGPD checklist.
„customer data,“ data transmitted, stored, sent or received by the customer, its associated companies or end-users through the services. Customer data may also contain personal data sent by the customer to suppliers and/or associated companies of the vendor or otherwise made available if the customer uses vendor affiliate solutions. „customer personal data,“ the personal data contained in the customer`s data, as described in Schedule 1. This data processing agreement and confidentiality agreement are governed by the laws of the SuperOffice unit with which the Customer has contracts: many CSPs reserve the right to use personal data for various purposes that have not been agreed with their processing manager (client), which is particularly common when cloud services are provided free of charge by the CSP. Processors are required to hire data processors who provide sufficient assurance that this personal data will be processed in accordance with the RGPD. Organizations must therefore check whether the use of the PSC will result in additional complications and risks and possibly a violation of the RGPD.