The EU`s general data protection regulation is more serious about contracts than previous EU data protection rules. If your organization is subject to the RGPD, you must have a written data processing agreement with all data processors. Yes, a data processing agreement is boring paperwork. But it is also one of the most fundamental steps of RGPD compliance and necessary to avoid RGPD sanctions. The agreement must state that, given the nature of the processing and the information available, the subcontractor must assist the processing manager in fulfilling his obligations: given the complexity of the task, it is advisable to have a data processing agreement as a separate document. This provision requires the subcontractor to provide the processing officer with proof that he has followed the entirety of section 28. For example, the subcontractor could do this by providing the necessary information to the processing manager or by submitting to a check or inspection. Subcontractors must also assist processing managers in providing them with access to their data and assist those responsible for processing in their obligations to those affected under the RGPD, for example by providing individuals with data that responds to a request for access to persons. Under the RGPD, individuals have the right to correct or delete their personal data. Responsibility for this must now be incorporated into the contracts for the treatment of managers/contractors, which require subcontractors to assist those responsible for processing who are involved in such requests to correct or delete a person`s personal data. ☐ given the nature of the processing and the information available, the subcontractor assists the processing manager in carrying out his RGPD obligations with respect to processing security, notification of personal data breaches and data protection impact analyses; Your company/organization is a common responsible leader when it determines, in conjunction with one or more organizations, why and how personal data should be processed. Joint air traffic controllers must enter into an agreement defining their respective responsibilities for compliance with the RGPD rules.
Key aspects of the agreement must be communicated to those whose data is being processed.