
GDPR Compliant Data Sharing Agreement

In other cases, the subcontractor's terms of use may contain or refer to a contract that covers the necessary clauses, especially in the case of online web services that you may use. There is no standardized approach and different terminology is often used. You also need a legal basis for the processing of personal data, for which there are six possible reasons: (B) The company wishes to assign to the processor certain services that involve the processing of personal data. LocalActivities is the data controller, as they have decided on the purposes and means of the use of personal data, i.e. to collect registration information for an event they organize. Companies share all kinds of data for all sorts of reasons. However, if this data is personal data, additional attention is required. In some cases, a data controller shares data with another data controller (instead of delegating processing to a processor). The processor should be able to demonstrate to the controller an approach to information security, expertise, reliability, resources, compliance with the principles and the exercise of its rights in compliance with the requirements of the GDPR. This helps the controller to determine whether sufficient safeguards have been fulfilled. The reasons for the processing cannot be adjusted or modified retroactively, that is, you cannot justify the processing or transfer of data otherwise. Privacy policies should be consistent and trustworthy, regardless of your being. Another problem that may arise when using subcontractors is the international transfer of personal data outside the European Union, especially when the service you use stores this data on servers located outside the EU.

The GDPR designates such storage as a “restricted transfer”. This topic can be complex and is outside the scope of this article, but you can get information from the OIC guidelines on the situations in which limited transfers are allowed. In other situations where the recipient of the data is another controller and not a common controller, it is up to the controller who shares the data to determine what is necessary to comply with the provisions of the GDPR and protect the privacy of individuals. Before you can even think about data transmission, you need to make sure that any data you have (and may want to share) has been processed and stored in accordance with the GDPR….