The new data processing contract requirements mean that you need to review, prioritize and modify your existing contracts with your agency`s suppliers to ensure that these contracts contain all the necessary elements. All relevant contracts in force on May 25, 2018 must meet the new requirements of the RGPD. 1.1.4 “Data protection laws” are EU data protection laws and, where appropriate, data protection or data protection legislation from another country; You should also check all bid contracts used with new suppliers to ensure that minimum requirements for the RGPD are included in contracts with your agency`s suppliers. Trade associations have partnered with Simon Morrissey, Lewis Silkin`s data protection lawyer, to develop the clause that will be used as a variation supplement for clients and agencies. Please note that the supplier`s instructions, endorsement and cover letter apply only to contracts between an IAP member agency and its suppliers who provide services to the Agency. This guide does not apply to customer contracts between your agency and your own clients. Information about customer contracts can be found in the Customer Contracts section. This duration of the contract should make it clear that it is the person in charge of the processing, not the subcontractor, who has overall control over what happens to personal data. 220.127.116.11 the transfer of personal data from the company by a contract subcontractor to a subcontractor or between two branches of a commercial subcontractor, at least where such transmission would be prohibited by data protection legislation (or by the conditions of data transfer agreements put in place to impose restrictions on data protection); There are a number of different ways to do this audit process, and a lot depends on the number and complexity of the different supplier contracts your agency has. Both those responsible for the processing and the subcontractors are required, under Article 32, to take appropriate technical and organizational measures to ensure the security of the personal data they process, which may include, where appropriate, the following: processors may only use subcontractors who can provide sufficient safeguards to take appropriate technical and organizational measures to ensure that their treatment complies with the requirements of the RGPD and protects the rights of those affected. ☐ the subcontractor must delete all personal data (at the choice of the processing manager) at the end of the contract or return it to the processing manager, and the subcontractor must also delete existing personal data, unless the law requires its storage; and (iii) that the data processor meets its obligations under data protection legislation and provides an adequate level of protection for all personal data transmitted; And it`s going to change your business. It`s coming.
They have to be ready. However, like many important changes in the economy, there are great opportunities for all concerned. Those who do it well will move forward. If you only take it seriously if it is too late, you could have huge consequences.