You cannot access Memsource service through third parties or give access to third parties, except for your employees and contractors who use Memsource on your behalf. Despite the fact that the RGPD requires a written agreement on data processing, neither the EU nor the Finnish data protection authorities have published standard agreements. As a result, many processing managers and subcontractors have designed their own models to meet the requirements of the RGPD. Because the role of companies, the personal data to be processed and the functions outsourced are different, the data processing agreements are also very different. The RGPD sets the minimum requirements for data processing agreements, but there is often reason to agree on other issues. The agreement may, for example, determine how quickly the processing manager must inform the person in charge of dealing with data protection violations. The higher the risk of treatment for those affected – for example, when health data processing is outsourced – the more the person in charge of the treatment is required to ensure that the service provider is able to process personal data safely. Given that the requirements of the DMPR are new, it is very likely that existing service agreements do not meet all objectives. Any company that has outsourced the processing of personal data must be prepared to amend its old agreements. There will be only a few months of transition before the RGPD comes into force.