Data processing on behalf according to GDPR
Whether cloud computing, CRM system, newsletter or technical maintenance – as soon as a data controller transfers personal data to another entity to act upon these data, data processing on behalf takes place. To ensure compliance with data protection law during such processing activities, the EU General Data Protection Regulation imposes strict conditions.
The GDPR, which will be enforceable from 25 May 2018, entails some changes regarding processing on behalf when compared to its predecessor, the EU Data Protection Directive (95/46/EC).
One of the important changes introduced with the GDPR is the significantly increased amount of obligations that is to be met by data processors even if their premises are established outside the European Union. New duties accompanied with data subjects’ rights are enforceable against processors and the resulting high penalties that may be imposed on processors for GDPR violations show the all-encompassing importance of compliance with the new law.
This Whitepaper will explain what ‘data processing on behalf’ is, which requirements have to be met. It will also highlight the exact situations when data processing on behalf takes place. Furthermore, it will clarify the obligations of data controllers as well as of data processors. Finally, this Whitepaper will provide practical tips and templates for data processing on behalf, which – of course – are GDPR compliant.