Audit of data processors
incl. DPA contract review
Initial audit and follow-up inspections of your data processors as well as assistance by legal experts with contract drafting or review.
Compliance builds sustainable trust
Do you need to control your data processors?
As a controller, you are accountable under the General Data Protection Regulation (GDPR) when processing personal data. This means that you must be able to prove whether you comply with the requirements of data protection laws.
This accountability also extends to service providers who process personal data on your behalf. You as the controller must provide evidence of the selection of all data processors in compliance with data protection requirements and of their regular auditing (at least every two years).
When selecting and monitoring data processors, it is particularly important to check the technical and organisational measures (TOM) in accordance with the current state of the art and specifically related to the service provided. This is a great challenge for many companies!
Auditing of data processors by lawyers
The initial control in the selection procedure as well as the follow-up controls for existing processing operations require in-depth legal and technical knowledge. Our specialised lawyers are happy to support you every step of the way.
Together with you, we create a template data processing agreement that you can use for your service providers. In doing so, we take into account not only data protection law but also your interests and exploit the possible scope for design to your benefit. We are also happy to review and evaluate existing contracts and point out necessary or recommendable changes.
If you have to agree to the data processing agreements of your service providers, we check them for conformity with the GDPR, for hidden cost traps as well as for whether the contracts are in any way contrary to your interests, as permissible but unfavourable alternatives may be chosen for you.
We check the contractual and technical arrangements with your planned service providers before the planned cooperation and provide a meaningful review report. If necessary, we help to remedy grievances and negotiate recommendable changes.
If you already have an existing contractual relationship, we check the actual implementation of individual measures at your processors on the basis of the data processing agreement between you and your service provider, including the technical and organisational measures promised. If necessary, we will provide specific information on how to remedy any deficiencies found.
4 reasons to let activeMind.legal handle your data protection audits
In order for us to be able to provide you with an individual offer for the audit of contracts or processors, please provide us with some information in advance.
A member of staff will get back to you within two working days to suggest an appointment for an initial phone call.
Our experts are all legal professionals and as such where they are not mandated by statute to maintain confidentiality, they are bound by be the ethics of their profession and will naturally treat all correspondence and information confidentially.