When this data processing contract is used for the provision of services by the subcontractor of a subcontractor (or further down the supplier chain), the term « controller » refers to the data processor and subcontractor of the subcontractor. Definition by the RGPDsi that a data processor performs a processing on behalf of a processing manager, the processor does not comply with the RGPD, unless there is a written contract between the two parties with at least the following clauses: When a processing manager (for example. B a payroll client) uses a data transformer (for example. B, there must be a written contract. With regard to international data transfers, Privacy Shield is an authorized solution as personal data from the EEA arrives in the United States, but if data is transferred across many borders, other solutions, such as standard contractual clauses approved by the European Commission or binding business rules, may be more appropriate. to fulfil its obligations to the person in charge of the processing after the termination of the contract. In this case, the provisions of this data processing agreement apply until the processing is entered. Although there are a number of legal systems considered by the EU to be « approved » jurisdictions (such as Argentina, Canada and Israel), there is considerable uncertainty as to the best solution, given that the data protection shield is regularly checked by the European Commission for its strength as a data transfer solution. Similarly, standard contractual clauses are currently under review at the European Court of Justice and the European Commission recently announced that it would review all countries that have in the past been deemed « appropriate » to ensure that their legislation is always useful in ensuring adequate protection of human rights. 184.108.40.206 the transfer of personal data from the company by a contract subcontractor to a subcontractor or between two branches of a commercial subcontractor, at least where such transmission would be prohibited by data protection legislation (or by the conditions of data transfer agreements put in place to impose restrictions on data protection); The subcontractor must comply with all personal data protection provisions set out in this data processing agreement and existing data protection legislation. ☐ the subcontractor must ensure that data processing persons are subject to a duty of trust; When a processing manager uses a subcontractor to process personal data on his or her behalf, there must be a written contract between the parties.
8. The data protection impact analysis and the pre-consultation subcontractor provide the company with appropriate support for all data protection impact assessments and prior consultations with supervisory authorities or other relevant data protection authorities that the company deems reasonably necessary under Articles 35 or 36 of the RGPD or the equivalent provisions of another data protection law. , in any event exclusively with regard to the company`s handling of personal data and taking into account the nature of the processing and data protection information. that are available to contract processors.