☐ the subcontractor must delete all personal data (at the choice of the processing manager) at the end of the contract or return it to the processing manager, and the subcontractor must also delete existing personal data, unless the law requires its storage; and ☐ the subcontractor can only order a subcontractor with the prior permission of the processing manager and under a written contract; Treatment by a subcontractor is subject to a contract or other legal act, within the meaning of EU or Member State law, which is mandatory for the subcontractor with regard to the person in charge of the treatment and which defines the purpose and duration of the treatment, the nature and purpose of the treatment, the nature of the personal data and the categories of persons concerned. , as well as the obligations and rights of the person in charge of the treatment. Contracts between processing managers and subcontractors ensure that they understand their obligations, responsibilities and commitments. Contracts also help them comply with the RGPD and help officials demonstrate compliance with individuals and regulators. Today, data processing agreements have many forms, ranging from a simple re-application of the main requirements of Article 28 of the RGPD to detailed contractual provisions. Some have provided detailed security requirements, while others merely repeat the general requirements of section 32 of the RGPD; Some of them refer to a service agreement to describe the main characteristics of the treatment (subject, duration, nature, purpose, etc.), while others contain a specific appendix that describes these points. We have seen that organizations use short data processing agreements, with very few details for low-risk processing operations (they think) entrusted to subcontractors, and very detailed processing agreements for data-intensive or risky activities. And not all of these agreements are considered worthy by the EDPB. When a subcontractor uses another organization (i.e. a subcontractor) to help process personal data for a processing manager, it must have a written contract with that subcontractor.
You`ll find all the other features under Google`s control conditions. You can also find information about how Google helps advertisers comply with the RGPD. Google provides appropriate data processing conditions for certain products that include the data processing services listed below. However, depending on the severity and nature of the injury, there are two levels of fines. Fines imposed on the RGPD for breaches of data processors are generally covered by the first stage, whose guidelines can be as serious as 10 million euros or 2% of global turnover. In any case, it is much less painful to sign a data processing agreement and to comply with the terms than to pay a penalty from the RGPD. We hope this guide will help.