Indicate the processor and the controller, as well as the types of data processed. They may also address the general activities that the subcontractor will perform for the controller and, if applicable, the duration of the agreement. Some large data processors have contracts that they use with all their customers that might be appropriate for this purpose, but it would be advisable to ensure that this contract protects you from your point of view and is not only for the benefit of the subcontractor. This could make you vulnerable in certain situations. The processor may process personal data “only on the documented instruction of the controller”. This is the reason for the data processing agreement itself, but must also be explicitly included in the agreement. Many processing agreements contain this information as a schedule or as an appendix to the end of the agreement. For more details, you can read the ProtonMail data processing agreement or read the generic model data processing agreement that we have made available on this website. The GDPR sets out certain guidelines, which must be included in a data processing agreement that we will discuss later in this article. The GDPR requires data processing agreements between data controllers and data processors and also has requirements as to what should be included in these agreements.
These articles constitute the core of the GDPR guidelines regarding data processing agreements and the constituent elements of those agreements. This can be very understandable on first reading, so let's take a look at the most important points that apply to you and your GDPR-compliant data processing agreements. As with any contract, it is advisable to define the jurisdiction in which disputes relating to the agreement are settled (the “applicable law”). Although the GDPR applies in all EU countries (with some minor exceptions), the laws applicable to contracts can vary greatly from one country to another where the data controller and processor are established. While small businesses may not need such a large number of, or such in-depth, processing agreements, they should nevertheless have them when using third-party or data processing services with which they share their users' personal data. While a data processing agreement may seem to protect the data controller from legal problems when a processor mishandles their data, it actually does much more than that. Then you can specify to whom the agreement applies and what the role of each party will be. Since HubSpot uses this agreement with many different controllers, the intro is very broad.
If you are the controller, you may want to be more specific and indicate the exact parties that are involved in each data processing agreement you have entered into. 18.104.22.168 the transmission of personal data of the company of a subcontractor to a subcontractor or between two entities of a subcontractor, if such transfer was prohibited by data protection legislation (or by the terms of data transfer agreements concluded to address the data protection limitations of data protection legislation); “data exporter” means “data controller” in this specific agreement. There are, however, two levels of fine, depending on the gravity and nature of the infringement.