Learn more about the legal requirements for Data Processing Agreements: when they are required, what content they must have, and how we can support your company with legally compliant contract solutions.
A data processing agreement (DPA) is a legally binding document that governs the relationship between a controller (client) and a processor (service provider) in the context of processing personal data. It is anchored in Article 28 GDPR and is a central element for ensuring data protection when data processing operations are outsourced.
A DPA must always be concluded when a company (controller) commissions a service provider (processor) to process personal data. This includes typical scenarios such as the use of external IT service providers, commissioning marketing service providers, connecting external support services, outsourcing HR functions, commissioning call centers, or the use of analytics tools.
A controller decides on the purposes and means of the data processing, while a processor processes personal data on behalf of the controller and according to the controller's instructions. In joint controllership, two or more controllers jointly decide on the purposes and means of the processing, which requires an agreement pursuant to Article 26 GDPR.
A legally compliant DPA must specify the subject matter, duration, nature and purpose of the processing. In addition, it must define the rights and obligations of the parties, describe the technical and organizational measures, contain provisions on supporting the controller with data subject rights, and set out requirements for sub-processors as well as deletion concepts.
The absence of a DPA, or a DPA with deficient content, can lead to fines of up to 10 million euros or 2% of worldwide annual turnover. In addition, the controller can be liable for data protection violations by the processor, unclear responsibilities can arise in the event of data breaches, and reputational damage threatens if compliance deficiencies become known.
The practical implementation includes identifying all relevant service providers, reviewing whether a DPA is necessary, negotiating and concluding legally compliant contracts, regularly reviewing and updating existing data processing agreements, and documenting all measures so that GDPR compliance can be demonstrated under the accountability principle.
Pursuant to Article 28 GDPR, a legally compliant DPA must include numerous mandatory contents. These include the exact description of the subject matter and duration of the processing, the nature and purpose of the data processing, and the categories of data processed and of the data subjects. In addition, the processor's obligation to follow instructions, the confidentiality obligation of all persons involved, and the technical and organizational measures for data protection must be clearly defined.
The provision on the use of subcontractors is a central component of a DPA. Typically, it specifies that commissioning subcontractors is only permissible with the prior written consent of the controller. The processor must inform the controller of every intended change and ensure that the subcontractors also comply with the same data protection obligations as the processor itself.
The processor is obliged to support the controller in fulfilling data subject rights. This includes help with access requests, rectification and erasure requests, and requests for data portability. In addition, it must provide support in complying with further data protection obligations, in particular in ensuring data security, notifying data breaches, carrying out data protection impact assessments, and in prior consultations with supervisory authorities.
The DPA must clearly regulate what happens to the personal data after the processing is completed. By default, it should specify that the processor either deletes all personal data or returns it to the controller, provided there is no legal obligation for further storage. The deletion or return must be verifiable and, where possible, documented.
For data transfers to countries outside the EU/EEA, additional precautions must be taken in the DPA. These include explicit regulation of the third-country transfer with specification of the recipient countries, the implementation of appropriate safeguards such as EU standard contractual clauses, and the documentation of a Data Protection Impact Assessment. Since the "Schrems II" ruling of the CJEU, the requirements for international data transfers have increased considerably and call for thorough review and documentation.
In practice, data processing agreements often have deficiencies that can lead to their invalidity. The most common errors include overly unspecific descriptions of the processing, missing or unclear provisions on subcontractors, insufficient descriptions of the technical and organizational measures, missing definitions of instruction and control rights, and incomplete deletion concepts. The use of outdated contract templates that do not meet the current requirements of the GDPR also represents a considerable risk.
The legally compliant design of data processing agreements requires specialized expertise because of the complex legal requirements, which evolve continuously through new case law. Particular challenges are the distinction between commissioned processing and joint controllership, international data transfers following the "Schrems II" ruling, and the precise description of technical and organizational measures. Our experts support you with sound expertise and many years of practical experience in all aspects of data processing agreements.
We create individual data processing agreements that are tailored exactly to your specific requirements. This includes legally compliant contract drafting pursuant to Article 28 GDPR, a precise description of the processing activities and data flows, and a detailed presentation of the technical and organizational measures. In addition, we ensure clear provisions on instruction and control rights, legally compliant design of international data transfers, and harmonization with existing contractual relationships.
For already existing data processing agreements, we offer a comprehensive review with concrete recommendations for adjustment. This includes checking for completeness and legal compliance under the current legal requirements, identifying gaps or risks, and assessing the described technical and organizational measures. We additionally check the provisions on subcontractors and third-country transfers and create a detailed report with recommendations for adjustment; if necessary, we also take over the revision and updating of the DPA.
For companies with numerous service provider relationships, we develop a structured DPA management system. This includes creating a service provider overview with an assessment of the DPA obligation, developing standardized DPA templates for various service provider types, and defining a process for concluding, updating and controlling DPAs. In addition, we implement subcontractor management, set up a documentation and evidence system, and train the responsible employees in handling the system.
We support you in negotiations with your service providers on concluding legally compliant data processing agreements. This includes the legal assessment of existing DPA drafts, identifying critical contract points, and developing alternative formulations. We help with enforcing necessary adjustments, with assessing the technical and organizational measures stated by the service provider, and with negotiating third-country transfers and subcontractor provisions. On request, we also take over direct negotiations with the service provider to ensure that your data processing agreements not only meet the formal requirements but also optimally protect your interests.
Professional DPA consulting offers numerous advantages for your company. You minimize the risk of fines and liability claims through legally compliant contract drafting, optimize your business processes through clear responsibilities and obligations, and improve your compliance position in data protection audits. In addition, you create legal certainty for international data transfers, enable efficient management of numerous service provider relationships, and strengthen your negotiating position towards service providers through sound legal expertise.
Our data protection experts analyze your current situation and offer concrete recommendations for action for a GDPR-compliant implementation.
We create and maintain all relevant documents such as data processing agreements, technical and organizational measures, policies and evidence – legally compliant and up to date.
We check your processes, contracts and documentation for GDPR compliance and help with optimization.
We train your employees in a practical way on data protection topics – online or on site – and promote data-protection-compliant behavior.