Note that many of the RGPD`s data processing contract requirements are included in this list, such as the subcontractor requirement. B to follow the instructions of the processing manager and inform the person in charge of the treatment if any of these instructions are contrary to the data protection law. Using the RGPD requirements as a guide to this section can be helpful in ensuring that both parties remain compliant. When the processor assigns processing activities to a subcontractor, it should only use processors with sufficient safeguards, including expertise, reliability and resources, to implement technical and organizational measures that meet the requirements of this regulation, including for processing security. This is a standard part of each contract. As always, we should mention that any treaty changes must be accepted by both parties. However, in the case of a data protection authority, it should be noted that such a document replaces all other agreements between the data processor and the processor. 8.2 The data processor determines the appropriate state of technical and organizational measures. In determining this provision, the data processor takes into account in particular the risks associated with processing, i.e. the risk of accidental or unlawful destruction, loss, modification, unauthorized disclosure or access to personal data that has been transmitted, stored or processed by other means.

The service client as the processing manager must take responsibility for complying with existing data protection laws. In particular, the customer is required to assess the legality of the processing of personal data stored on the platform. LinkedIn provides data processing services to marketing customers and gives in the standard DPA the following statement: 14 If we use an external data processing agent for the processing of personal data, a written data processing agreement is signed between us and the data processor. This applies in particular. B to the use of an external repository of documents or the use of cloud systems for processing personal data, including communication with the customer. Similarly, a written agreement is reached between us and our client every time we act as data processors. Data processing agreements are also available electronically. It regulates the specifics of data processing, such as the scope and purpose, as well as the relationship between these actors.

In addition, it assigns certain obligations required by the regulation. Based on the text of the regulation, our own experience and expertise, we have compiled a list of items that any data processing agreement should have.