Processing contracts

  • It is required, if personal data is processed between the controller and the processor, that a written processing contract be concluded between them. An important condition, however, is that it is really processing according to the definition of the regulation, so it must contain a certain systematic nature, ie. these are not random activities.
  • Typical processing is, for example, 3rd party payroll management, customer and CRM systems, etc., collection of cookies on the website, while occasional activities in response to e-mail, saving a business card or phone number in the phone do not fall within this definition.
  • According to the results of legal analyzes and consultations with the EU supervisory authorities, the relationship between the company and its clients is the administrator-administrator relationship. Both parties are therefore responsible for their agenda and processors, while the relationship between them is captured in the business conditions or. amendment to the contract. The only key is to capture the categories of personal information, purpose, and security of the transfer.