You need a processing agreement when you have personal data processed by an external party. This external party is also known as the processor. Consider, for example, an administration office that pays the salaries for a company, or the hosting provider that hosts a website. With regard to the content of the processing agreement, you can think of agreements about:
Custom-made GDPR Data processing agreement
Dutch and English copy of the GDPR Data processing agreement
Fully compliant with Dutch and EU rules
The GDPR Data Processing Agreement is a specific type of data processing agreement that is designed to comply with the requirements of the General Data Protection Regulation (GDPR).
The GDPR Data Processing Agreement is intended to help organizations to:
The GDPR Data Processing Agreement must be entered into by both the controller and the processor, and must include the following information:
The GDPR Data Processing Agreement must also include information on:
Under the GDPR, companies are allowed to store data outside of the EU as long as it is subject to an adequate level of protection. This means that the company must ensure that the data is protected by measures such as encryption and access controls.
There are a few steps that companies can take to ensure that their data is stored in a safe and secure manner. First, they should consider the location of the data center and make sure that it is in a country with strong data protection laws. They should also use encryption to protect the data while it is in transit and at rest. Lastly, they should put in place strong access controls to ensure that only authorized personnel can view the data.
By following these steps, companies can store their data in a way that complies with the GDPR and protects it from hackers.
A processor is a party that is engaged by a controller to process personal data on behalf of the controller. The processor must comply with the GDPR when processing personal data. A controller is a party that determines the purposes and means of the processing of personal data.
The GDPR applies to both controllers and processors.
First of all, a person or entity can be both data processor or controller. This all depends on the specific role the person or entity takes in.
An example of a processor in GDPR would be an email marketing service provider, a cloud provider or a hosting party that stores personal data. In short, a service that acts on behalf of you and has access (processes) data of your customers or employees.
A processor is only limited by its contract with the controller, but it can’t make independent decisions about how to process data.
A typical data controller is an online payments provider. That provider (for example PayPal or Stripe) captures your customer’s information so that these customers can pay you. However, you have no influence or say over the data that is being collected, stored and used by the payment provided. That is why a payment provider in this case is a data controller.
Another example is an accountant when acting for his or her client. Professional service providers such as accountants, in that role, are data controllers. This is because accountants and similar providers of professional services have professional guidelines that make that they have to take responsible care of the personal data of their clients they process.
After you have fulfilled the checkout process, we will send you a form where you will out a few details about yourself, your company and your company structure. Once this has been filled out we will start working on your GDPR Data processing agreement. This takes on average 1-2 working days.
The total price is:
If you want to make sure you have all your Dutch legal paperwork in order, we can help you out. Fill out our compliance quote form and we will contact you as soon as possible.