Everything You Need to Know When Joining Legal Industry

Everything you need to know about a Data Processing Agreement

Last week, the entry into force of the EU's General Data Protection Regulation (GDPR) attracted much attention. Practically any business that processes the personal data of EU citizens is affected and has to take serious measures – organizational and technical – to comply with the new rules. One important element of the legislation is the requirement for data controllers to enter into a data processing agreement (DPA) with data processors.

To help you prepare for the GDPR, we held a webinar last Wednesday about the particularities of a data processing agreement and the process of signing one with Tresorit. In this blog post, we aim to summarize the most important elements of our webinar to give you a comprehensive picture of everything you should know about a DPA.

What is a DPA?

A data processing agreement (DPA) is a legally binding document to be entered into between the controller and the processor in writing or in electronic form. It regulates the particularities of data processing – such as its scope and purpose – as well as the relationship between the controller and the processor.

Why is a DPA important?

The GDPR requires data controllers to take measures to ensure the protection of personal data they handle. If data controllers decide to outsource certain data processing activities, they must be able to demonstrate that their suppliers and sub-processors likewise provide sufficient guarantees to protect the data and act in a GDPR-compliant fashion.

When do you need to sign a DPA?

If you are a controller and, as a result of outsourcing, you wish to transfer your data to a third party, for instance a cloud provider, you need to sign a DPA with that third party.

Do processors have to sign a DPA with their sub-processors?

Yes, even if you are not a controller but a processor, and you decide to outsource your activities, you'll need to sign a DPA and ensure that any other sub-processor in the chain complies with the requirements of the GDPR.

What is data processing?

The GDPR regulates data processing in a broad manner. It says that any operation performed on personal data amounts to processing. For example, the acts of collecting, storing, disclosing or erasing personal data are all considered processing and fall under the GDPR.

Who is a data controller?

A data controller is the person who determines the purpose and means of the data processing.

Who is a data processor?

The person who processes data on behalf of a controller, in accordance with the controller's instructions.

What to watch out for when signing a DPA?

One of the most important elements of a DPA is whether your processors provide sufficient guarantees for the protection of the data transferred to them. Under the GDPR, if there is a data breach, even if it's on the side of the processor, you, as a controller, might be held responsible. Hence, it is important to choose processors that implement sufficient measures to minimize the risk of a data breach. Furthermore, processors should also take sufficient measures to decrease the effect of a breach and to inform you in due course.

Data processors should not be able to process your data for any purpose other than the purpose of your DPA and of the outsourcing. Accordingly, you should check how the processor will use the data you transfer to it: whether it is in accordance with your contract or whether the processor intends to use the data for its own purposes. Hence, you need to make sure that the scope of the processor's DPA is not broader than the original legal ground you have for processing the personal data.

What kind of personal data does Tresorit process on your behalf?

Because of our client-side encryption, we cannot access our users' encrypted content and we cannot use encrypted data to identify any individual. Accordingly, under the GDPR, such content is not deemed to be personal data from our perspective. However, when providing our services, we process certain non-encrypted information, including personal data relating to the users administered by our users (e.g. user names, email addresses, file activities and login attempts). With respect to such limited information, we act as a data processor. Our DPA covers this very limited personal data we have on our customers, while the data in customers' files falls outside the DPA's scope.

Who should execute a DPA with Tresorit?

You need to execute our DPA if you have a business subscription (Tresorit Solo, Small Business, Business and Enterprise) with us and the GDPR applies to you. The latter question is something that has to be assessed on a case-by-case basis, with the involvement of a legal counsel. However, if you run a business and use Tresorit for business purposes, and you, your partners or employees are located in the EU, it is very likely that you are subject to the GDPR.

How to execute a DPA with Tresorit?

You need to be a Subscription Owner to be able to access billing details and initiate the DPA-signing process. This guide shall walk you through all the steps of the process.

Do you want to learn more about Data Processing Agreements and what to look for when contracting with a cloud service provider? Download our ebook here.

The materials available on this website are for informational purposes only and do not constitute legal advice. To obtain advice with respect to a particular issue, you should contact your attorney.

About the author

Petra is a legal counsel specialized in the areas of data protection and IP law. She helps Tresorit to implement legal guarantees to ensure the GDPR compliance of our company and customers.

zimmermansumanducke.blogspot.com

Source: https://tresorit.com/blog/everything-you-need-to-know-about-a-data-processing-agreement/
