GDPR: The Most Frequently Asked Questions: Are the Standard Contractual Clauses Enough?
|
|
- Brent Brown
- 5 years ago
- Views:
Transcription
1 GDPR: The Most Frequently Asked Questions: Are the Enough? February 2, 2018 The European Union s General Data Protection Authors/Presenters Regulation ( GDPR ) is arguably the most comprehensive and complex data privacy regulation in the world. As companies prepare for the GDPR to go into force on May 25, 2018, there continues to be a great deal of confusion regarding the requirements of the GDPR. To help address that confusion, Bryan Cave is publishing a multi-part series that discusses the David A. Zetoony Partner Boulder, Colorado David.Zetoony@bclplaw.com questions most frequently asked by clients concerning the GDPR. Question: If a service provider has already agreed to the controller-processor standard contractual clauses, are you required to put additional GDPR-related contractual provisions in place? Answer: Yes. The GDPR imposes two requirements when a company (referred to in the GDPR as a data controller ) uses a service provider (referred to in the GDPR as a data processor ). Page 1 of 12
2 The first requirement is that if a data controller is based in the EEA and is transferring personal data to a processor that is based outside of the EEA, the parties must take steps to ensure that the jurisdiction in which the data is going has an adequate level of protection. 1 When the GDPR refers to an adequate level of protection it is not talking about the security of the data. Instead, it is referring to the protections afforded by the laws of the country to which the data will be transferred. Under the GDPR, a jurisdiction typically affords data an adequate level of protection if one of four factors exist. First, the EU Commission can evaluate the laws of the foreign country and find that they are per se similar in nature to the GDPR. Second, the entity that will be receiving the data can enter into binding corporate rules. These refer to internal policies and procedures that have been presented to, and approved by, European data protection authorities. 2 Third, a legally binding and enforceable instrument can be created between governments to facilitate the data transfer. An example of such an instrument is the EU-US Privacy Shield framework that was negotiated, and approved by the EU Commission, in Fourth, and most common, is the use by the contracting parties of contract provisions that have been pre-approved by the EU Commission as contractually guaranteeing an adequate level of protection. 4 While some companies integrate the standard contractual clauses into larger service provider agreements, other contracting parties execute the standard contractual clauses as a free-standing agreement. The second requirement imposed by the GDPR is that every service provider agreement must contain thirteen specific contractual provisions. Given the popularity of the standard contractual clauses, and the fact that they have been pre-approved by the EU Commission, many contracting parties assume that the standard contractual clauses incorporate all of these thirteen requirements. Unfortunately, they do not. The following chart summarizes the thirteen requirements within Article 28 and indicates which of those requirements are satisfied, partially satisfied, or not addressed by, the standard contractual clauses. Page 2 of 12
3 GDPR Controller-Processor Contractual Clauses Summary of Reference Requirement Explanation Requirement Satisfied by Clauses Page 3 of 12
4 1. Description of Processing. The contract must specify: 1. subject matter of processing. 2. duration of processing. 3. nature and purpose of Art. 23(3) Partial Gap Appendix 1 of the Contractual Clause describes (1) subject matter of processing, (2) nature and purpose of processing, (3) type of personal data, and (4) categories of data subjects. processing. 4. type of personal data to be processed 5. categories of data subjects about which the data relates. The standard contractual clause, and the Appendix, do not discuss the duration of processing. Page 4 of 12
5 2. Documented Instructions. A service provider can only process personal data consistent with a controllers documented instructions. Art. 28(3)(a) Satisfied. Clause 5(a) and (b) of the contain a requirement that processing can only occur based on a controller s instructions. 3. Confidentiality. It must contain a confidentiality provision. That provision must ensure that persons authorized to Art. 28(3)(b). Gap The do not contain a representation by a data importer concerning confidentiality. process personal data have committed themselves to confidentiality. Page 5 of 12
6 4. Processor Art. 28(1) Satisfied. Clause 5(c) of the Security. Service provider will Art. 28(3)(c) implement Art. 32(1) ( requires the appropriate technical processor to agree and organizational to the security measures to secure provisions contained information. in Appendix II. Presuming that Appendix II contains a description of appropriate security there would be no gap. 5. Subcontracting Art. 28(2) Satisfied. Clauses 5(h) and authorization. A service provider Art. 28(3)(d). 11(1) of the must obtain written authorization before requires that a subcontracting, and processor notify the must inform the controller before Company before it using a makes any changes Subprocessor, and to its subcontractors. obtain their prior written consent. Page 6 of 12
7 6. Subcontracting Art. 28(3)(d) Art. Satisfied. Clause 11(1) of the flow down 28(4) obligations. Service provider will flow requires that a down these processor flow down obligations to any obligations to any subprocessors. subprocessors. 7. Subcontracting liability. A service provider must remain fully liable to the controller for the performance of a sub-processors obligations.. Art. 28(3)(d) Satisfied. Clause 11(1) of the requires that a processor remain fully liable for the actions of its subprocessors. Page 7 of 12
8 8. Responding to Art. 28(3)(e) Partial Gap Clause 5(d)(iii) and data subjects. Service provider will Art clause 5(e) of the assist the Company to respond to any require that a requests by a data subprocessor notify subject. a controller of a data subject request. The clauses do not specifically discuss an obligation to cooperate in responding to such request. Page 8 of 12
9 9. Assisting Art. 28(3)(f) Art. 33 Gap Clause 5(d)(ii) Controller In 34 require that a Responding to Data processor notify a Breach. Service controller concerning provider will a subset of what the cooperate with GDPR defines to controller in the include a data event of a personal breach. It does not data breach. comply with the GDPR s timing requirements. It also does not discuss obligations to cooperate in investigations and response. 10. Assisting Art. 28(3)(f) Gap The Controller In Creating DPIA. Art. 35) do not discuss the Service provider will Art obligation of a cooperate with processor to controller in the participate in DPIA s event the controller conducted by a data initiates a data controller. protection impact assessment. Page 9 of 12
10 11. Delete or return data. Service provider will delete or return data at the end of the engagement. Art. 28(3)(g) Satisfied. Clause 12(1) of the requires a processor to delete or return data upon termination of the agreement. Page 10 of 12
11 12. Audit Right. Service provider will allow Company to conduct audits or inspections for compliance to these obligations. Art. 28(3)(h). Partial Clauses 5(f) and 12(2) of the refer to the ability of the data controller to audit or inspect the processor for compliance with the requirements of the clauses; as the clauses do not include all of the requirements of the GDPR the audit provision is technically narrower than is required under GDPR. Page 11 of 12
12 13. Cross-border Art. 28(3)(a) Partial The transfers. Service provider will not permit the transfer of transfer data outside Art. 46 data from the of the EEA without controller to a permission of processor that is not Company. based in the EEA. The clauses do not discuss whether the processor is permitted to engage in onward transfers to additional countries outside of the EEA. 1. GDPR, Art. 45(1). 2. GDPR, Art. 46(2)(b). 3. GDPR, Art. 46(2)(a). 4. GDPR, Art. 46(2)(c). RELATED PRACTICES Data Privacy and Security Team Page 12 of 12
GDPR Data Processing Addendum
GDPR Data Processing Addendum Effective Date 24 May 2018 This Data Processing Addendum for the GDPR (Addendum) is made as of the Effective Date by and between Fresh Relevance Ltd incorporated and registered
More informationGDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR JOSTLE CUSTOMERS
GDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR JOSTLE CUSTOMERS WHO SHOULD EXECUTE THIS DPA: If you have determined that you qualify as a data controller under the GDPR, and need a data processing addendum
More informationData Processing Addendum
Data Processing Addendum Based on the General Data Protection Regulation (GDPR) This Data Processing Addendum ( Addendum ) forms part of your relevant Planet estream terms and conditions, defined as an
More informationAdopted on 12 July 2010
ARTICLE 29 DATA PROTECTION WORKING PARTY 00070/2010/EN WP 176 FAQs in order to address some issues raised by the entry into force of the EU Commission Decision 2010/87/EU of 5 February 2010 on standard
More informationDATA PROCESSING ADDENDUM FOR CUSTOMERS AND USER OF AEROHIVE PRODUCTS AND SERVICES. Version May 2018
DATA PROCESSING ADDENDUM FOR CUSTOMERS AND USER OF AEROHIVE PRODUCTS AND SERVICES 1. Scope and Order of Precedence Version May 2018 This Data Processing Addendum (this DPA ) is deemed an addendum to the
More informationCustomer GDPR Data Processing Agreement
Customer GDPR Data Processing Agreement This Customer Data Processing Agreement reflects the requirements of the European Data Protection Regulation ( GDPR ) as it comes into effect on May 25, 2018. Bench
More informationDATA PROCESSING ADDENDUM
DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms part of the Master Purchase Agreement, Customer Agreement, Channel Partner Agreement, End User License Agreement or other written agreement
More informationGDPR & The Ad Agency: Understanding the Impact of the GDPR on Agency Services Agreements
GDPR & The Ad Agency: Understanding the Impact of the GDPR on Agency Services Agreements 2018 LOEB & LOEB LLP Understanding Your Role and Obligations Controller legal person... which, alone or jointly
More informationDATA PROCESSING ADDENDUM
DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) is made between Cognito, LLC., a South Carolina corporation ( Cognito Forms ) and {OrganizationLegalName} ( Customer or Controller or {Organization}
More informationEU Data Processing Addendum
EU Data Processing Addendum This EU Data Processing Addendum ( Addendum ) is made and entered into by and between AlienVault, Inc., a Delaware corporation ( AlienVault ) and the customer specified in the
More informationData Processing Appendix
Company Name* Execution Date *Company name indicated must conform to the name on customer s Master Subscription Agreement executed with SugarCRM. This Data Processing Appendix on the processing of personal
More informationDATA PROCESSING AGREEMENT
DATA PROCESSING AGREEMENT This Data Processing Agreement ( DPA or Agreement ), entered into by the CPI customer identified on the applicable CPI services agreement for CPI services ( Customer ) and the
More informationIRIS Group of Companies Customer Data Processing Terms
IRIS Group of Companies Customer Data Processing Terms Definitions (any other capitalised terms not contained in this section will be as defined in the IRIS Software Group General Terms & Conditions (
More informationON24 DATA PROCESSING ADDENDUM
ON24 DATA PROCESSING ADDENDUM This Data Processing Addendum ( Addendum ) is entered into by and between ON24 Inc., on behalf of itself and its Affiliates ( ON24 ), and Client, on behalf of itself and its
More informationURBAN AIRSHIP DATA PROCESSING ADDENDUM with EU Standard Contractual Clauses. (Revised September 2017)
URBAN AIRSHIP DATA PROCESSING ADDENDUM with EU Standard Contractual Clauses (Revised September 2017) This Data Processing Addendum ( Addendum ) forms part of the Master Subscription Agreement or the online
More informationThe contract is important so that both parties understand their responsibilities and liabilities.
Contracts At a glance Whenever a controller uses a processor it needs to have a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities.
More informationDATA PROCESSING AGREEMENT (GDPR, Privacy Shield, and Standard Contractual Clauses)
DATA PROCESSING AGREEMENT (GDPR, Privacy Shield, and Standard Contractual Clauses) This Data Processing Agreement ("DPA") forms part of the Master Services and Subscription Agreement between Customer and
More informationMoxtra, Inc. DATA PROCESSING ADDENDUM
Moxtra, Inc. DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms a part of the Terms of Service found at http://moxtra.com/terms-of-service/, unless Company has entered into a superseding
More informationData Processing Addendum
Data Processing Addendum This Data Processing Addendum ( DPA ) forms part of the Agreement(s) and is entered by and between the Customer and the Service Provider on the Effective Date. For the avoidance
More informationLifesize, Inc. Data Processing Addendum
Last updated May 1, 2018 Lifesize, Inc. Data Processing Addendum This Lifesize, Inc. Data Processing Addendum ( Addendum ) forms part of the Terms of Service (the Agreement ) between Lifesize, Inc. ( Lifesize
More informationROSETTA STONE LTD. PROCESSING ADDENDUM
ROSETTA STONE LTD. PROCESSING ADDENDUM This Data Processing Addendum (this DPA ) forms part of the order document(s) (each a Service Order ) and Services Agreement (collectively, the Agreement ), entered
More informationDATA PROCESSING ADDENDUM
DATA PROCESSING ADDENDUM (European Union GDPR) (May 2018) This Data Processing Addendum ( DPA ) forms part of the Pancake Laboratories Inc, DBA ShortStack.com ( ShortStack) Terms and Conditions (https://www.shortstack.com/terms-andconditions/),
More informationData Processing Agreement and Privacy Policy (EU) Classification: PUBLIC March 2018
1. PURPOSE AND SCOPE 1.1 This document sets out Fourth s Data Processing Agreement and Privacy Policy for its Customers with operations in the EU and/or who process Personal Data of data subjects located
More informationBuilding a Program to Manage the Vendor Management Lifecycle
Building a Program to Manage the Vendor Management Lifecycle Libbie Canter Amelia Hukoveh Daniel Nazar October 5, 2017 Overview 1. Introduction and Background 2. Three Pillars of Third-Party Risk Management
More informationDATA PROCESSING ADDENDUM
Page 1 of 20 DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms a part of the Customer Terms of Service found at https://slack.com/terms-of-service, unless Customer has entered into a
More informationData Processing Agreement, the Contract
Data Processing Agreement, the Contract between Customer (as defined in the Service Agreement) the Controller hereinafter referred to as the Customer and Planview (as defined in the Service Agreement)
More informationData Processing Appendix
Data Processing Appendix This Data Processing Appendix (the Appendix ) is attached to and forms part of the Supplier General Terms and Conditions (the Agreement ) between Nebula Oy ( Supplier ) and customer
More informationGDPR Data Processing Addendum (DPA) Instructions for Area 1 Security Customers
Area 1 Security, Inc. 142 Stambaugh Street Redwood City, CA 94063 EU GDPR DPA GDPR Data Processing Addendum (DPA) Instructions for Area 1 Security Customers Who should execute this DPA: If you qualify
More informationTwilio Data Protection Addendum ( DPA ) (GDPR, Binding Corporate Rules, Privacy Shield, and Standard Contractual Clauses) (Revision June 2018)
Twilio Data Protection Addendum ( DPA ) (GDPR, Binding Corporate Rules, Privacy Shield, and Standard Contractual Clauses) (Revision June 2018) Once fully executed, this DPA forms a part of the agreement
More informationDATA PROCESSING ADENDUM
W www.exponea.com C +421 948 127 332 sales@exponea.com A Exponea, Twin City B, Mlynské Nivy 12 821 09 Bratislava, SK DATA PROCESSING ADENDUM Exponea s.r.o. registered in the Commercial Register maintained
More informationRBI GDPR DATA PROCESSING ADDENDUM
RBI GDPR DATA PROCESSING ADDENDUM 1. SCOPE 1.1. This GDPR Data Processing Addendum ( DPA ) applies to RBI s processing of personal data on Customer s behalf under the Agreement. With regard to such processing,
More informationDATA PROCESSING ANNEX
Page 1 (5) 1 BACKGROUND AND PURPOSE DATA PROCESSING ANNEX 1.1 The terms of this Annex shall apply to the Agreement between Solibri Oy and/or its Subsidiary/Subsidiaries (Solibri Oy and the Subsidiaries
More informationDATA PROCESSING ADDENDUM
This Data Processing Addendum (the DPA ) forms part of Telia Bedriftsavtale or other written or electronic agreement between the Parties for the purchase of telecommunication services, and regulates any
More informationData Processing Addendum
Data Processing Addendum Based on the General Data Protection Regulation (GDPR) and European Commission Decision 2010/87/EU - Standard Contractual Clauses (Processors) This Data Processing Addendum ( DPA
More informationHOW TO EXECUTE THIS DPA:
DATA PROCESSING ADDENDUM (GDPR, and EU Standard Contractual Clauses) (Rev. April 20, 2018) This Data Processing Addendum ( DPA ) forms part of the Master Subscription Agreement or other written or electronic
More informationDATA PROCESSING ADDENDUM (INCLUDING EU STANDARD CONTRACTUAL CLAUSES)
DATA PROCESSING ADDENDUM (INCLUDING EU STANDARD CONTRACTUAL CLAUSES) This Data Processing Addendum ( DPA ) shall become effective without any further action by the parties: (a) if Customer signing this
More informationCLOUDINARY DATA PROCESSING ADDENDUM
CLOUDINARY DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms part of the agreement for the subscription by the Customer to the Cloudinary Service ("Subscription Agreement") between Cloudinary
More informationBroadbean Technology Limited - Data Processing Agreement (25th May 2018)
Broadbean Technology Limited - Data Processing Agreement (25th May 2018) This agreement and its associated schedules shall come into force with effect from 25 th May 2018 and shall from that date replace
More informationMichael R. Cohen CIPP/US, CIPP/E Gray Plant Mooty. Overview of the EU General Data Protection Regulation (GDPR)
Michael R. Cohen CIPP/US, CIPP/E Gray Plant Mooty Overview of the EU General Data Protection Regulation (GDPR) WHAT YOU NEED TO KNOW ABOUT THE EU GENERAL DATA PROTECTION REGULATION (GDPR) What is the GDPR?
More informationProcessing under the GDPR: risk and liability shifts
Processing under the GDPR: risk and liability shifts October 2016 With the GDPR now technically in force, and just over 18 months before it applies in Member States, we look at how this new regime will
More informationDATA PROCESSING ADDENDUM
DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms part of the End User License and Services Agreement (the Agreement ) between Customer and Ivanti, to reflect the parties agreement about
More informationBINDING CORPORATE RULES
BINDING CORPORATE RULES CONTROLLER PRINCIPLES INTRODUCTION At Marsh & McLennan Companies (MMC), we respect and are committed to protecting the privacy, security and integrity of Personal Information 1
More informationDATA PROCESSING TERMS AND CONDITIONS
DATA PROCESSING TERMS AND CONDITIONS These Data Processing Terms and Conditions apply in respect of Personal Data that we process on behalf of Customers who purchase the Powwownow Premium Service. Please
More informationDATA PROCESSING ADDENDUM
DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms a part of the Databricks Terms of Service found at https://www.databricks.com/termsofservice, unless Subscriber has entered into a superseding
More informationEU GDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR CLOUDFLARE CUSTOMERS
EU GDPR DATA PROCESSING ADDENDUM INSTRUCTIONS WHO SHOULD EXECUTE THIS DPA: FOR CLOUDFLARE CUSTOMERS If you have determined that you qualify as a data controller under the GDPR, and need a data processing
More informationDATA PROCESSING AGREEMENT/ADDENDUM
DATA PROCESSING AGREEMENT/ADDENDUM This Data Processing Agreement ( DPA ) is made and entered into as of this day of, 2018 forms part of our Terms and Conditions (available at www.storemaven.com/terms-of-service)
More informationIDEXX - DATA PROTECTION AGREEMENT
IDEXX - DATA PROTECTION AGREEMENT (A) (B) (C) (D) IDEXX and Customer have entered into an Agreement. In the context of the Agreement, IDEXX will process Personal Data on behalf of and for the benefit of
More informationCUSTOMER DATA PROCESSING ADDENDUM
CUSTOMER DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) and applicable Attachments apply when HP acts as a Data Processor and processes Customer Personal Data on behalf of Customer in order
More informationADDSECURES WAY OF PROCESSING PERSONAL DATA
Agreement Preface ADDSECURES WAY OF PROCESSING PERSONAL DATA For the processing of personal data that AddSecure performs on behalf of its customers, AddSecure becomes a Personal Data Processor. If you
More informationEpiserver Data Processing Agreement
1 /12 Episerver Data Processing Agreement Last Modified: May 30, 2017 As referred to in Section 7 of the Episerver End-User Services Agreement ( E ), for the purposes of Article 26(2) of Directive 95/46/EC,
More informationDATA PROTECTION ADDENDUM
DATA PROTECTION ADDENDUM In the event an agreement ( Underlying Agreement ) entered into by and between (i) either Sunovion Pharmaceuticals Inc. or its subsidiary, Sunovion Pharmaceuticals Europe Ltd.
More informationDATA PROCESSING AGREEMENT
DATA PROCESSING AGREEMENT This Data Processing Agreement (the DPA ), entered into by the Customer and the company Ganttic OÜ (company registration number 11979702) having its registered office at Lai tn
More informationTWILIO INC. EC DATA PROTECTION AGREEMENT
EUROPEAN CUSTOMERS WHO CHOOSE TO ENTER INTO THIS AGREEMENT MUST: 1. Complete all appropriate blanks throughout the agreement. 2. Print and sign agreement. 3. Send a copy of the agreement to Twilio by email
More informationData Processing Agreement
Data Processing Agreement This Data Processing Agreement with EU Standard Contractual Clauses (Processors), (the DPA ) supplements the Dropbox Business Agreement between Dropbox, Inc. and Dropbox International
More informationAWS GDPR DATA PROCESSING ADDENDUM
AWS GDPR DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) is an agreement between Amazon Web Services, Inc. ( AWS, we, us, or our ) and you or the entity you represent ( Customer, you or
More informationData Processing Addendum
Data Processing Addendum This Data Processing Addendum (" DPA "), forms part of the Agreement or other written or electronic agreement between Pleo Technologies ApS (" Pleo ) and Customer for the purchase
More informationMentorcliQ Data Processing Agreement
MentorcliQ Data Processing Agreement This MentorcliQ Data Processing Agreement ( DPA ), that includes the Standard Contractual Clauses adopted by the European Commission, as applicable, reflects the parties
More informationThe GDPR how to prepare MiFID II where are we now? Wednesday 21 February 2018
The GDPR how to prepare MiFID II where are we now? Wednesday 21 February 2018 GDPR so far The EU General Data Protection Regulation (Regulation (EU) 2016/679) comes into effect on 25 May 2018 Aims to protect:
More informationEven If You Are a U.S. Company, Don t Ignore the GDPR: Complying with the EU s New Data Privacy Law
Even If You Are a U.S. Company, Don t Ignore the GDPR: Complying with the EU s New Data Privacy Law On May 25, 2018, the European Union (EU)'s General Data Protection Regulation (GDPR) comes into force,
More informationGDPR FOR PRIVATE EQUITY AND REAL ESTATE
GDPR FOR PRIVATE EQUITY AND REAL ESTATE Date: Friday, 3rd November 2017 Start time: 12:30GMT Panellists: Pat McIntyre GDPR Project Manager David Rowland Group Head of AML and Compliance Manager, Augentius
More informationGDPR: Frequently Asked Questions to Brokers Ireland, February 2018.
GDPR: Frequently Asked Questions to Brokers Ireland, February 2018. 1. Does my Firm require a Data Protection Officer ( DPO )? Not necessarily, but the legislation and current guidance is not definitive.
More informationCLIENT DATA PROCESSING AGREEMENT
CLIENT DATA PROCESSING AGREEMENT This Data Processing Agreement for the Data Protection (the Agreement ) of Data Processed is entered into on./../ (hereinafter referred to as the Effective Date ) by and
More informationThe Controller and Processor Data Protection Binding Corporate Rules of BMC Software
The Controller and Processor Data Protection Binding Corporate Rules of BMC Software 4 August 2015 Table of Contents Introduction 2 PART I: BACKGROUND AND ACTIONS 3 PART II: BMC AS A CONTROLLER 5 PART
More informationInternational data transfers and Schrems White & Case. Aqeel Kadri and Tim Hickman
International data transfers and Schrems White & Case Aqeel Kadri and Tim Hickman 9 March 2016 Overview of EU data protection law Currently, each EU Member State has its own national data protection law,
More informationDATA PROCESSING ADDENDUM with EU Standard Contractual Clauses
DATA PROCESSING ADDENDUM with EU Standard Contractual Clauses This Data Processing Addendum ("Addendum") forms part of the Agreement between Snow and Company (each as defined below). This Addendum is only
More informationGDPR : We protect your data
GDPR : We protect your data Dear customer, From the 25th May 2018 the new law of Personal Data Protection (GDPR) will enter into force. At Almagest Wealth Management S.A., we understand your need to be
More informationDATA HANDLING AGREEMENT
DATA HANDLING AGREEMENT This agreement records the terms upon which Wonde will process the School Data for the purpose of transferring the School Data to one or more third party providers of services to
More informationMRS Brexit Survival Guide: EU-UK Data transfers November
2018 MRS. All rights reserved. November 2018 No part of this publication may be reproduced or copied in any form or by any means, or translated, without the prior permission in writing of MRS. MRS Brexit
More informationStandard contractual clauses for the transfer of personal data to third countries - Frequently asked questions
MEMO/05/3 Brussels, 7 January 2005 Standard contractual clauses for the transfer of personal data to third countries - Frequently asked questions Directive 95/46/EC, on the protection of individuals with
More informationData protection clauses in commercial contracts. Amy Chandler & Paul Jonson
Data protection clauses in commercial contracts Amy Chandler & Paul Jonson Data controller/data processor 1. A company engages a payroll company to process payslips and make payments to its employees.
More informationGROUP PRIVACY POLICY. Adopted June 20th, 2017 by each of the Boards of Carnegie Holding AB and Carnegie Investment Bank AB (publ).
GROUP PRIVACY POLICY Adopted June 20th, 2017 by each of the Boards of Carnegie Holding AB and Carnegie Investment Bank AB (publ). 1 PURPOSE AND SCOPE 1.1 The aim of this policy is to establish uniform,
More informationLicence Agreement
Licence Agreement EXTERNAL 22 May 2018 Version: 07.00w ------------------- T +44 (0)1206 872143 E collections@ukdataservice.ac.uk www.ukdataservice.ac.uk -------------------... WE ARE SUPPORTED BY THE
More informationData Processing Addendum (Revision May 2018)
Data Processing Addendum (Revision May 2018) Agreement entered into by and between Customer, as identified in Tucows Master Services Agreement Controller or Joint Controller or Customer and Tucows.com
More informationDATA PROCESSING ADDENDUM (GDPR and EU Standard Contractual Clauses)
DATA PROCESSING ADDENDUM (GDPR and EU Standard Contractual Clauses) Rev. 1 May 2018 This Data Processing Addendum ( DPA ) forms part of the product or services agreement ( Agreement ) or other written
More informationIT WORKS! INDEPENDENT DISTRIBUTOR AGREEMENT TERMS & CONDITIONS UNITED KINGDOM
IT WORKS! INDEPENDENT DISTRIBUTOR AGREEMENT TERMS & CONDITIONS UNITED KINGDOM Compensation Plan Policies and Procedures It Works! Marketing International UC, 45-46 James Place East, Dublin 2, Ireland shall
More informationAudit Requirement Guide SURF Framework of Legal Standards for (Cloud) Services Annex D
Audit Requirement Guide SURF Framework of Legal Standards for (Cloud) Services Annex D Utrecht, October 2016 Version number: 1.0 Credits Audit Requirement Guide SURF Framework of Legal Standards for (Cloud)
More informationDATA PROCESSING ADDENDUM (v1.0)
DATA PROCESSING ADDENDUM (v1.0) Progressive Voice Services Limited trading as Meetupcall of Premier House, Carolina Court, Doncaster, DN45RA ( Meetupcall ) and having its place of business at, ( Customer
More informationAgreement relating to Data protection in conjunction with the use of the Fujitsu K 5 Cloud
Agreement relating to Data protection in conjunction with the use of the Fujitsu K 5 Cloud between Fujitsu Technology Solutions GmbH, Mies-van-der-Rohe-Street 8, 80807 Munich, Germany hereinafter referred
More informationARE YOU READY FOR THE NEW DATA PROTECTION LAWS?
ARE YOU READY FOR THE NEW DATA PROTECTION LAWS? GETTING READY FOR THE GDPR PART ONE DATA PROTECTION LAWS ARE CHANGING DATA PROTECTION LAWS ARE CHANGING On 25 May 2018, the General Data Protection Regulation
More informationNote: Changes from Commission Decision 2002/16/EC are marked in redline
Note: Changes from Commission Decision 2002/16/EC are marked in redline Commission Decision of 27 December 20015 February 2010 on standard contractual clauses for the transfer of personal data to processors
More informationDATA PROCESSING ADDENDUM (GDPR, Salesforce Processor Binding Corporate Rules, Privacy Shield, and Standard Contractual Clauses) (Revision April 2018)
DATA PROCESSING ADDENDUM (GDPR, Salesforce Processor Binding Corporate Rules, Privacy Shield, and Standard Contractual Clauses) (Revision April 2018) This Data Processing Addendum ( DPA ) forms part of
More informationData Processing Agreement
Data Processing Agreement between Customer and SmartRecruiters Inc. 225 Bush Street Suite #300 San Francisco CA 94104 - hereinafter SmartRecruiters - both Customer and SmartRecruiters hereinafter individually
More informationData Processing Addendum
Data Processing Addendum The parties conclude this Data Processing Addendum ( DPA ), which forms part of the Agreement between Customer and Supplier ( Epignosis ), to reflect our agreement about the Processing
More informationDATA PROCESSING ADDENDUM
DATA PROCESSING ADDENDUM Based on the General Data Protection Regulation (GDPR) and European Commission Decision 2010/87/EU - Standard Contractual Clauses (Processors) This Data Processing Addendum ( DPA
More informationBASWARE PERSONAL DATA PROCESSING APPENDIX
This Basware personal data processing appendix and its annexes ( DPA ) is an appendix to, and legally binding only in connection with, the sales agreement between Basware and Customer with regard to Basware
More information2. TASK OF DPO IN INTERNATIONAL DATA TRANSFERS
INTERNATIONAL DATA TRANSFERS AND CODES OF CONDUCT Ana María Martínez Bermejo ammartinezb@agpd.es Spanish Data Protection Agency 1. INTERNATIONAL DATA TRANSFERS 2. TASK OF DPO IN INTERNATIONAL DATA TRANSFERS
More informationCustomer GDPR Data Processing Agreement
Customer GDPR Data Processing Agreement Version May 2018 This Customer Data Processing Agreement reflects the requirements of the European Data Protection Regulation ( GDPR ) as it comes into effect on May
More informationClient Relationship Agreement for Products
Client Relationship Agreement for Products This Client Relationship for Products (CRA) and applicable Attachments and Transaction Documents (TDs) are the complete agreement regarding transactions under
More informationPosti Group - Purchasing Terms and Conditions
1 (18) Posti Group - Purchasing Terms and 2 (18) Table of Contents 1 SUPPLIER... 4 1.1 Customer instructions... 4 1.2 Exclusive rights... 4 1.3 Act on Contractor Obligations... 4 1.4 Recruitment restrictions...
More informationThe Marketing Arm Inc. EU-U.S. Privacy Shield: Consumer Privacy Policy
The Marketing Arm Inc. EU-U.S. Privacy Shield: Consumer Privacy Policy Last Updated: November 17, 2016 The Marketing Arm Inc. ( TMA ) respect your concerns about privacy. TMA participates in the EU-U.S.
More informationDATA PROCESSING AGREEMENT ( AGREEMENT )
DATA PROCESSING AGREEMENT ( AGREEMENT ) entered into on by and between: with its registered office in Gdańsk (80-387), ul. Arkońska 6, bud. A4, entered in the Register of Enterprises of the National Court
More informationBAYER PRIVACY POLICY FOR PHARMACOVIGILANCE DATA
Policy last updated: [2018-07-06] BAYER PRIVACY POLICY FOR PHARMACOVIGILANCE DATA Bayer takes product safety and your privacy seriously Bayer develops and markets prescription and over the counter medicines
More informationDATA PROCESSING TERMS DEFINITIONS
DATA PROCESSING TERMS DEFINITIONS Agency: means KTS Events Limited (company registration number 05289039) and any business entity from time to time controlling, controlled by, or under common control or
More informationEU Data Protection Directive 95/46/EC FREQUENTLY ASKED
EU Data Protection Directive 95/46/EC FREQUENTLY ASKED PROMOTING DATA PROTECTION Disclaimer All material, information or part thereof available here is meant for public awareness only. DSCI expressly disclaims
More informationPERSONAL DATA PROCESSOR AGREEMENT
1 PERSONAL DATA PROCESSOR AGREEMENT PARTIES This personal data processor agreement ( Processor Agreement ) has been entered into between: Buyer/Client/Customer ( Controller ), and The company within the
More informationGeneral Terms and Conditions Scanning services Version 2018
General Terms and Conditions Scanning services Version 2018 1. Subject (a) (b) (c) These Terms and Conditions apply to the service Scanning Services, offered by bpost to the Customer under the Contract,
More informationCreating a Big Data Strategy: Managing Risk and Enabling Innovation
Creating a Big Data Strategy: Managing Risk and Enabling Innovation Meghan Farmer and Brooke McGuffey 2016 Kilpatrick Townsend What is Big Data? Traditional definition: high-volume, high-velocity and/
More informationThe Brazilian Data Protection Law LGPD
Debevoise Update D&P The Brazilian Data Protection Law LGPD August 20, 2018 Last week, Brazil enacted its long-awaited Data Protection Law (Law 13,709/2018), known as Lei Geral de Proteção de Dados or
More informationKISS COMPANIES: TERMS AND CONDITIONS OF SUPPLY. NOTE: Your attention is particularly drawn to the contents of clause 13.
KISS COMPANIES: TERMS AND CONDITIONS OF SUPPLY NOTE: Your attention is particularly drawn to the contents of clause 13. 1. INTERPRETATION 1.1 The following definitions are used in these Conditions: "Business
More informationAegon Asset Management Europe ICAV ( the Fund ) Data Protection Policy
Aegon Asset Management Europe ICAV ( the Fund ) Data Protection Policy Contents Definitions.. 2 The Product... 2 Fund Board Governance... 2 Delegation of the Processing of Personal Data... 2 Data Protection
More information