The RGPD anticipates that a processing manager should use only one subcontractor with sufficient safeguards to implement appropriate technical and organizational measures to ensure that the treatment complies with the requirements of the RGPD and that the rights of the individual concerned are respected. As a result, processors should apply the duty of care prior to intervention on the transformers being considered, including indirect transfers. This should include an assessment of data transfers, especially since indirect transmissions are, in the first place, invisible. Specific obligations for RGPD processors are listed below and must be reflected in the agreement between the processor and the processor (or the transformer and subprocesser). 188.8.131.52 the transfer of personal data from the company by a contract subcontractor to a subcontractor or between two branches of a commercial subcontractor, at least where such transmission would be prohibited by data protection legislation (or by the conditions of data transfer agreements put in place to impose restrictions on data protection); What must be included in the agreement depends on the use of a waiver, a derogation or other transfer mechanism to legitimize the transfer of personal data. For some transmission mechanisms, it may be useful to include the mechanism in the agreement itself, for example. B when controller SSCs are used. They should also refer to other relevant agreements. Consider providing services from subcontractor to controller (or subprocessing to processor). The descriptions in the agreement should accurately reflect the processing of the data. The delegation agreement must reflect the applicable mandatory requirements of the RGPD. Before you start verifying or creating the agreement, you need to define the data processing relationship between the parties, for example. B if the data is used in conjunction with the controller, processor controller or subprocessor processor or a combination of the computers above.
The RGPD does not require those responsible for processing that exchange information separately, while the parties may choose to take care of the responsibilities and review the trade agreement also with respect to privacy. A contract for the transfer of data from controller to processor must be addressed: this data processing agreement is adapted by the ProtonMail DPA, which is on this page.