Compliance is a contractual obligation. Microsoft`s standard contractual clauses are available to all cloud customers under online terms of service. You`ll find information about other services in your existing contract with Microsoft. As you may know, this site is run by the encrypted messaging provider ProtonMail (and funded in part by the European Union`s Horizon 2020 programme). As part of our RGPD compliance efforts, we have made our own data processing agreements available to all our users for download, control and signature. This duration of the contract should make it clear that it is the person in charge of the processing, not the subcontractor, who has overall control over what happens to personal data. With regard to the RGPD, the data protection officer appoints a data protection delegate and both parties must agree on a periodic review of the contractual terms. The European Commission may decide that standard contractual clauses provide sufficient data protection guarantees so that data can be transferred internationally. Treatment by a subcontractor is subject to a contract or other legal act, within the meaning of EU or Member State law, which is mandatory for the subcontractor with regard to the person in charge of the treatment and which defines the purpose and duration of the treatment, the nature and purpose of the treatment, the nature of the personal data and the categories of persons concerned.
, as well as the obligations and rights of the person in charge of the treatment. The RGPD has no legal restrictions on the form of the data processing agreement, but when the subcontractor is outside the EU and the international data transfer takes place, there are specific requirements regarding the format of the documentation. B for example, standard contractual clauses, binding rules. (B) The company wants to outsource certain services that involve processing personal data with the data processor. If you exchange personal data with other parties, you should have a data processing agreement. Sections 28 to 36 of the RGPD cover the requirements for data processing and data processing agreements. Let`s take a look at responsibilities that are a little more specific to different roles. Microsoft has made its standard contractual clauses available to the EU working group under Article 29 for review and approval. The Article 29 working group is made up of representatives of the European Data Protection Supervisor, the European Commission and each of the 28 EU data protection authorities.