If you share personal data with a common processing manager, Article 26 of the RGPD stipulates that an “agreement” must be reached between those responsible for the processing. A joint agreement on common data sharing for processing is different from a data-sharing agreement. If you need these documents, they are two of the many documents in my RGPD compliance pack that you can very inexpensively cost to /www.suzannedibble.com/gdprpack In each case, the recipient controller has its own use for personal data, and they are not subcontractors because they separately determine why and how the data is used. In other cases, the terms of use of the data processor may include or refer to a contract covering the necessary clauses, especially in the case of online web services that you could use. There is no standardized approach and different terminology is often used. The person in charge of the processing should only use subcontractors capable of providing sufficient safeguards to take appropriate technical and organisational measures for the implementation of the RGPD and the guarantee of the rights of the persons concerned. The distinction depends on whether an organization determines the “purpose and means” of processing personal data. “processing” includes the collection, storage, use and transmission of personal data. In both cases, the person in charge of the processing remains responsible for proof of compliance with data protection legislation (principle of liability). It is not necessary to have a data exchange agreement in all situations.
B, for example, if the release is already strictly defined or if it is a limited one-off opportunity. Examples of common processing managers working in the Community sector and voluntary data can jointly define the purposes and means of processing personal data in situations where: Another problem that may arise with the use of subcontractors is the international transfer of personal data outside the European Union, particularly when the service you use stores this data on servers located outside the EU. The RGPD calls this storage a “restricted transmission.” While this may be complex, it is outside the scope of this article, but you can get information from the OIC`s notice on situations in which limited transfers are allowed. personal data processed on behalf of the processing manager will help reduce the risk and clarify how the data can (and can) be used, particularly where sharing is systematic, contains detailed information or specific category data.