Standard Data Processing Agreement Gdpr

These controls vary depending on the type of processing performed and may include, among others, password and/or two-factor authentication, documented authorization processes, documented change management processes, and/or multi-level access logging. The subcontractor must allow the manager to carry out audits. These can be performed by another organization on behalf of the data controller. The data processing agreement must allow this, but can also define the basis on which this can be done. For example, if you are a health insurance company and you share customer information via encrypted emails, this encrypted email service is a data processor. . . .