This guide serves as an introduction to data processing agreements – what they are, why they are important, who they are and what they need to say. You can also follow the link to find a template for a GDPR data processing agreement that you can download, customize, and use for your business. The processor processes personal data only on and in accordance with the instructions of the controller. The processor shall not process personal data without prior written consent with the controller or without written instructions from the controller, which go beyond what is necessary to fulfil its obligations towards the controller of the agreement. Learn more about third-party processing contracts >> This data processing agreement governs the rights and obligations of the processor to ensure that all processing of personal data complies with applicable data protection legislation. Under the CCPA, “third party” is defined in the same way by what it is not, not by what it is. First, a third party is not the company that itself collects consumers` personal data under the CCPA, which seems pretty obvious, but will have less obvious consequences – for example. B if some of the data is transferred to a third party and some of the data it collects directly for related business purposes (multiple roles for the same company should be possible, similar to that of the GDPR). While data controllers are ultimately responsible for their subcontractors` compliance with the GDPR, this does not mean that compliance with the GDPR is not your concern as a data processor or something you can rely on, that your controllers are dealing with it on your behalf. This document provides an overview of how SuperOffice processes customer data regarding the data processing contract for support and consulting services (section A). A guide with further instructions will also be made available to the customer. Controllers should carry out a number of due diligences with regard to the processors they have set up, which can be grouped together as a data protection control, documentation of data processing activities and, of course, verification.
⇒ One of the most important elements of a DPA is whether your subcontractors offer sufficient guarantees to protect the data transmitted to them. According to the GDPR, you can be held liable in the event of a data protection breach, even if it is on the side of the processor. It is therefore important to choose processors that take sufficient measures to minimize the risk of a data breach. In addition, subcontractors should also take sufficient measures to reduce the impact of a breach and inform you in a timely manner. ⇒ data providers should not be able to process your data for any purpose other than your DPA and outsourcing. Accordingly, you should check how the processor uses the data you transmit to it; if this is done in accordance with your contract or if the processor intends to use the data for its own purposes.. . .