Processor contract

Article 28 is clear. The contract shall stipulate that the processor:

processes the personal data only on documented instructions from the controller
ensures that persons authorised to process the personal data have committed themselves to confidentiality
takes all measures required pursuant to Article 32 (Security of processing)
respects the conditions for engaging another processor
assists the controller for the fulfilment of the controller's obligation to respond to requests for exercising the data subject's rights
assists the controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 (security of processing, breach notification, data protection impact assessments)
deletes or returns all the personal data to the controller after the end of the provision of services relating to processing
makes available to the controller all information necessary to demonstrate compliance

The content herein is provided for your convenience and does not constitute legal advice.
Compliance Technology Solutions B.V. 2018

Russell is the author of this solution article.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.