Data Sharing Agreement Under Gdpr

Article 26 of the RGPD stipulates that joint treatment managers “transparently” define their respective responsibilities for compliance, including the provision of information to the persons concerned and the exercise of the rights of the person concerned. An exception is made where EU law or the national law of an EU member state defines the respective powers. Some transfers are once or infrequent; others are systematic. In some situations, data may be shared, as parties with common access to the data are independent. In other cases, transfers can be discrete acts of sharing. The RGPD provides for joint treatment managers to enter into an agreement clearly stating their respective responsibilities for compliance with the RGPD, including the rights of those affected. While there is no mention of a written agreement between the co-leaders, it is worth reaching an agreement, as it helps to meet the essential requirements for transparency and accountability. This is an obvious point, but the common use of specific categories carries more risks. Many of the higher fines we have imposed by supervisors under the old regulations are due to data breaches with medical data and other types of sensitive data. The RGPD applies to both the person responsible for processing (the entity that determines the purposes and means of processing personal data) and the subcontractor (the entity that processes personal data on behalf of a processing manager) of personal data. The person in charge of processing is usually the organization that collects personal data and looks for uses for their commercial purpose. “processor” is a term used to refer to the controller to which part of the activity is outsourced by the controller.

During the outsourcing process, the subcontractor also has access to personal data. EZTicket is a data processor that processes personal data on behalf of the charity. Is common use between unrelated parties or between related companies? It may be helpful to have an understanding or agreement with the receiver controller, even if there is no general requirement for a written contract (such as data sharing with the controller processor).

Posted Sunday, December 6th, 2020 at 11:58 am
Filed Under Category: Uncategorized
Responses are currently closed, but you can trackback from your own site.


Comments are closed.