The data processor must allow the processor to conduct audits. These can be performed by another organization on behalf of the processing manager. The data processing agreement must allow it, but it can also lay the groundwork. “While the breach of personal data may pose a high risk to the rights and freedoms of individuals, the person in charge immediately notifies the violation of the personal data of the person concerned.” 3.2. The data processor assumes no responsibility for data downloaded by the data manager in the Templafy Desktop. When the data processor is required to transfer or process data outside the EU, the processor must ensure that the subcontractor complies with the appropriate RGPD approved protocols for transferring or storing that data. As we want to help our users on as many fronts as possible, we have developed a model for the data processing agreement. The model is currently available via Quip (where you can export to the top left – in different file formats) and .docx subload directly: a data editor cannot process data in a way that violates privacy rules, even under the supervision of the processing manager. In this way, both parties are expected to meet compliant data protection standards. 2.6 With the exception of the data described in Figure 1, data processed by the data processor will not be included under any circumstances (non-exhaustive examples): this data processing agreement (“DPA”) defines the data protection obligations of the parties arising from the processing of personal data by the data processor on behalf of the responsible data data in the context of the offer , the service agreement or other agreement between the parties (“agreement”). Thus, Sendmate`s agreement meets this obligation: EU data protection legislation clearly states that no processing manager can transfer customer data from one processing manager to another subcontractor without the written consent of the processing manager.
Therefore, when a data publisher intends to work with subprocessors, this must be included as part of the RGPD data processing agreement. If the person in charge of the processing remains responsible for granting these rights to consumers when requesting them, this should be specified in the RGPD data processing agreement. The same applies when the responsibility lies with the data processor. The processor may also require the data processor to comply with these requirements, if necessary.