Data Processing Agreement Box

To ensure compliance with the requirements of the Regulation, companies that outsource activities involving the processing of personal data (controllers) to subcontractors (processors) should use only processors providing sufficient warranties, in particular in terms of expert knowledge, reliability and resources, to implement technical and organisational measures which will meet the requirements of this Regulation, including the security of processing. In addition, the carrying-out of processing by a processor shall be governed by a contract or other legally binding document setting out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects, taking into account the specific tasks and responsibilities of the processor in the context of the processing to be carried out and the risk to the rights and freedoms of the data subject.

The DPA Box contains the standard forms and tools needed, which when suitably edited and adapted to your business’s needs, constitute a real, effective step towards achieving compliance with the relevant obligations imposed by the GDPR.