A: Signicat must process personal data to provide our customers with the agreed electronic identification and/or signature services. When we identify your customers or users, we must collect personal data such as name, date of birth, etc. If you use us for electronic signature, we must also identify the signatory, but in addition, the documents often contain personal data. All the data you store on the PressPage platform is data processed by PressPage on your behalf. If this data is personal data, it is within the scope of the RGPD, and PressPage is the subcontractor and you are responsible (as stated in the RGPD). Whenever such a relationship exists, the RGPD requires both parties to sign a data processing agreement. (dpa) A: The link can be used several times. To get a copy of the agreement, follow the link and press the first page download button. If you are ready to sign, follow the link again. The agreement must say that, given the type of processing and the information available, the subcontractor must help the processing manager fulfill his obligations: when it comes to signing a dpa that you may not create, there are a number of important things that you need to pay special attention to: warranties from subcontractorsA imperative factor that must ensure that your data processing provides appropriate guarantees for the protection of your personal data. The RGPD makes it clear that in the event of a data breach, data handlers could be held liable, regardless of which party is the victim of the breach. In addition, processors should select data processors that take appropriate security measures.
In particular, the RGPD stipulates that processors responsible for processing must be identified with expertise, reliability and measures consistent with the requirements of the regulation. These include adequate data security, as indicated in Article 28, paragraph 1, of the RGPD. Consistency is essentialThe Data Protection Authority should make it clear that data managers cannot process your company`s personal data for purposes other than that of the Data Protection Authority and responsible data. It may be important for your organization to conduct audits to determine that the subcontractor is using the transferred data in an established and agreed-upon manner within the Data Protection Authority. It is also helpful to ensure that the scope of a subcontractor`s CCA is not broader than your organization`s initial legal basis for processing personal data. Misinterpretation If you define responsibilities and tasks, make sure there is no room for misinterpretation. This can be done, for example. B by confirming and confirming the time frames in which the data processor should process DSAR. Be sure to also provide contact information so that if there are problems, the parties know where to turn.
Of course, regular registration and a clear, open and personal relationship can also be beneficial by compensating for reservations and making you think about potential incidents. Pay attention to your data STORAGE authoritiesEven if it can be a long document that may require a number of preparation work such as data allocation, CPIs, time investments and resources, everything is worth it at the end of the line. Data processing agreements play a key role in meeting the RGPD and ensure that all tasks are properly compliant with the regulations. Data protection authorities can enable organizations to further improve data processing procedures and initiatives, or even reduce the risk of data breaches or incidents, and increase accountability and efficiency.