Service Agreement Gdpr

You cannot access Memsource service through third parties or give access to third parties, except for your employees and contractors who use Memsource on your behalf. Despite the fact that the RGPD requires a written agreement on data processing, neither the EU nor the Finnish data protection authorities have published standard agreements. As a result, many processing managers and subcontractors have designed their own models to meet the requirements of the RGPD. Because the role of companies, the personal data to be processed and the functions outsourced are different, the data processing agreements are also very different. The RGPD sets the minimum requirements for data processing agreements, but there is often reason to agree on other issues. The agreement may, for example, determine how quickly the processing manager must inform the person in charge of dealing with data protection violations. The higher the risk of treatment for those affected – for example, when health data processing is outsourced – the more the person in charge of the treatment is required to ensure that the service provider is able to process personal data safely. Given that the requirements of the DMPR are new, it is very likely that existing service agreements do not meet all objectives. Any company that has outsourced the processing of personal data must be prepared to amend its old agreements. There will be only a few months of transition before the RGPD comes into force.

It goes without saying that the requirements of the RGPD must also be taken into account in the new agreements. If you are a contractor subject to the RGPD, it is in your best interest to have a data processing agreement: it is first required for RGPD compliance, but the privacy policy also gives you assurance that the data processor you are using is qualified and competent. As we did in recital 81, while we have the ambition to provide you with quality services and make reasonable efforts to provide Memsource`s functionality, we offer no guarantee that Memsource is flawless and uninterrupted. The RGPD requires that the outsourcing of the processing of personal data be agreed in writing. The RGPD also sets minimum requirements for what the agreement must contain.