Processor Agreements

If you are a contractor subject to the RGPD, it is in your best interest to have a data processing agreement: it is first required for RGPD compliance, but the privacy policy also gives you assurance that the data processor you are using is qualified and competent. As shown in recital 81:, the transfer of personal data from a contract subcontractor to a subcontractor or between two branches of a contract processor would be prohibited, in any case, if such transfers would be prohibited by data protection legislation (or by the terms of data transfer agreements put in place to establish data protection restrictions relating to data transmission); Matrix Software is both controller and processor. We are responsible for the personal data that customers and suppliers share with Matrix, so that we implement our contract, stay in touch with you, process your payments, etc. We also process personal data in our software products that you share with us, z.B. if a Matrix employee has a remote connection to your computer or has a backup of your (customer) database. In addition, Matrix is a personal customer data processor of customers in online applications such as WebKozijn. According to AVG, each Matrix user must enter into a processing agreement with Matrix. To simplify this, Matrix takes the initiative for all customers. The processor agreement has become part of the general terms and conditions of sale (AV). The RGPD defines the fundamental principles of the minimum requirements to be included in each data processing agreement. These requirements are primarily aimed at ensuring that individuals are protected by a system of checks and balances between the processor and the data processor, but these guidelines also provide several levels of protection to all parties involved.

Sections 28 to 36 of the RGPD cover the requirements for data processing and data processing agreements. This is a fairly large amount of information, but let`s break it down into more manageable terms that you can apply to your business. The EU`s general data protection regulation is more serious about contracts than previous EU data protection rules. If your organization is subject to the RGPD, you must have a written data processing agreement with all data processors. Yes, a data processing agreement is boring paperwork. But it is also one of the most fundamental steps of RGPD compliance and necessary to avoid RGPD sanctions. While small businesses may not need such large or in-depth data processing agreements, they should still have them when using third-party services or data processors with which they share their users` personal data. These agreements are not only a legal burden of the RGPD, but a necessary contract to protect each party and the persons concerned. Depending on the amount and amount of treatment you need, a lawyer will probably be required, as these contracts can be quite long, with the clauses required by the RGPD and those required by your organization on the basis of its operations.

Comments are closed.