Ico Controller Processor Agreements

Contracts between processing managers and subcontractors ensure that they understand their obligations, responsibilities and commitments. Contracts also help them comply with the RGPD and help officials demonstrate compliance with individuals and regulators. 5.1 The subcontractor has no right to make (or pass on) a subcontractor, unless necessary or approved by the company. ☐ the subcontractor must take appropriate measures to ensure the safety of the processing; The OIC points out that in the United Kingdom, the use of a written contract between the processing manager and the subcontractor for its processing activities is the most appropriate method of complying with the RGPD. The OIC provides that a direct contract is not required as long as the subcontractor is contractually bound to the person in charge of the processing. In addition, any agreement between a processor and a subcontractor must be confirmed in a written contract and offer a level of data protection identical to that of the contract between the feder and the subcontractor. Your company/organization offers babysitting services via an online platform. At the same time, your company/organization has a contract with another company that allows you to offer value-added services. These services include the possibility for parents not only to choose the babysitter, but also to rent games and DVDs that the babysitter can bring. Both companies are involved in the technical implementation of the site. In this case, both companies have decided to use the platform for both purposes (babysitting services and DVD/Games rental) and they will very often share the names of customers. As a result, the two companies are joint controllers because they offer not only the possibility of « combined services » but also the design and use of a common platform. The treatment can only be used on the documented instructions of the processor processor who can provide sufficient safeguards to take appropriate technical and organizational measures to ensure that their treatment complies with the requirements of the RGPD and protects the rights of those affected.

When a processing manager uses a subcontractor to process personal data on his or her behalf, there must be a written contract between the parties. The new guide contains the following checklists to determine whether you are a controller or a processor: in paragraph 16 of the Old Guidelines, there is a list of decisions and if an organization makes one of those decisions, it will be a processor. On the other hand, the new guide indicates that the more the boxes are checked in the checklists above, the more likely it is that a party will enter that particular category.

Posté dans Non classé