Sections 28 to 36 of the RGPD cover the requirements for data processing and data processing agreements. This is a fairly large amount of information, but let`s break it down into more manageable terms that you can apply to your business. If Matrix concludes a security incident or data breach, Matrix will notify the customer as soon as possible after Matrix becomes familiar with the data breach. To do this, Matrix ensures that all employees are and remain able to detect a breach of privacy and expects its customers to meet these requirements. In the event of a breach of the privacy of a supplier or a matrix subprocessor, Matrix reports the customer. Matrix is and will remain the customer`s interlocutor. The customer does not need to contact Matrix`s suppliers or subcontractors. While a data processing agreement may seem to want to protect the processing manager from legal problems when a data publisher is wrong about its data, it does much more. However, depending on the severity and nature of the injury, there are two levels of fines. Fines imposed on the RGPD for breaches of data processors are generally covered by the first stage, whose guidelines can be as serious as 10 million euros or 2% of global turnover.
In any case, it is much less painful to sign a data processing agreement and to comply with the terms than to pay a penalty from the RGPD. We hope this guide will help. Other easy-to-digest helps for RGPD compliance can be accessed in our RGPD checklist. Contracts between processing managers and subcontractors ensure that they understand their obligations, responsibilities and commitments. Contracts also help them comply with the RGPD and help officials demonstrate compliance with individuals and regulators. There are other things that processing people want to make sure they have been included in their data processing agreements. Article 31 provides that processors and data processors (or their representatives) cooperate with supervisory authorities. Article 28 sets out the basic rules for processors under the RGPD.
☐ the subcontractor must be audited and inspected. The subcontractor must also provide the processing officer with all the information necessary to ensure that both parties comply with their article 28 obligations. Article 35 specifies data protection impact analyses, including when and how they should be carried out. It also mentions how processors and data processors should take into account compliance with contractual agreements (for example. B data processing agreements) when conducting data protection impact analyses. Matrix Software is both controller and processor. We are responsible for the personal data that customers and suppliers share with Matrix, so that we implement our contract, stay in touch with you, process your payments, etc.