This duration of the contract should make it clear that it is the person in charge of the processing, not the subcontractor, who has overall control over what happens to personal data. The RGPD requires that the following information be included in your data processing contract: A subcontractor cannot use the services of a subcontract without the express or general prior written permission of the processor. When authorization is granted, the subcontractor must enter into a contract with the subcontractor. The contractual terms of Article 28, paragraph 3, must provide a level of protection for personal data equivalent to that of the contract between the processing manager and the subcontractor. Transformers are responsible for processing compliance with the subprocessings they use. The data processor must allow the processor to conduct audits. These can be performed by another organization on behalf of the processing manager. The data processing agreement must allow it, but it can also lay the groundwork. 5.1.
The data processor will implement and maintain the required and organizational security measures to protect personal data from accidental or unlawful destruction, loss, damage or tampering, as well as from any unauthorized disclosure, abuse or other treatment, in violation of the requirements of the Data Protection Act. The processing of the data by the person in charge of the processing should only be treated by the person in charge of the processing. The subcontractor must have adequate information security, must not resort to subcontracting without knowing and the consent of the person in charge of the processing, must cooperate with the authorities in case of request, report to the person in charge of the data protection, as soon as he is aware of them, give the person in charge of the processing the opportunity to carry out audits verifying compliance with the DSGVO , to help the person in charge of the treatment, to respect the rights of the people concerned. , should assist the processing manager in dealing with the consequences of data breaches, delete or return all personal data at the end of the contract, at the choice of the processing manager, and inform the processing manager if the processing instructions violate the RGPD. This provision requires the subcontractor to provide the processing officer with proof that he has followed the entirety of section 28. For example, the subcontractor could do this by providing the necessary information to the processing manager or by submitting to a check or inspection. 12.1 Confidentiality. Each party must keep confidential this agreement and the information it receives about the other party and its activities related to this agreement (“confidential information”) and may not use or disclose this confidential information without the prior written consent of the other party, unless:a) disclosure is required by law;b) the relevant information is already available to the public. (ii) communicate the person`s name and contact information with the data processor, where more information can be obtained, the protection of personal data has always been a top priority for Templafy and we welcome the new General Data Protection Regulations (GDPRs) which will come into force on May 25, 2018. One of the requirements of the RGPD is that we must describe how we should ensure compliance with the RGPD and commit to doing so in a data processing agreement with our customers. The university`s data processing agreement model is available here: vi) to a relevant extent, helping processing managers ensure compliance with personal data security requirements, 6.2.