11.2 This communication must include at least: (a) a description of the nature of the data breach, including, if possible, the categories and estimated number of data involved, as well as the categories and estimated number of personal data records involved; b) the name and contact information for data protection of the Ficer (DPO) or any other point of contact where more information can be obtained; (c) the likely consequences of the data breach , (d) describe the actions taken by the data subcontractor or the measures the subcontractor proposes to deal with the data breach, including, if necessary, measures to limit potential consequential damage. 14 When we use an external data processing agent for the processing of personal data, a written subcontract is signed between us and the subcontractor. This applies in particular. B to the use of an external repository of documents or to the processing of personal data by cloud systems, including communication with the customer. Similarly, a written agreement is always reached between us and our client when we act as a Sub-Data Processor. Data processing agreements are also available electronically. 1.1.4 “Data protection laws” are EU data protection laws and, where appropriate, data protection or data protection legislation from another country; However, depending on the severity and nature of the injury, there are two levels of fines. Fines imposed on the RGPD for breaches of data processors are generally covered by the first stage, whose guidelines can be as serious as 10 million euros or 2% of global turnover. In any case, it is much less painful to sign a data processing agreement and to comply with the terms than to pay a penalty from the RGPD. We hope this guide will help. Other easy-to-digest helps for RGPD compliance can be accessed in our RGPD checklist.
1.1 This agreement to collect, store and use documents and information (hereafter referred to as the “data processing contract”) was signed by and towards a contract. Accordingly, in accordance with point 11 of these clauses, the data exporter gives the data importer a general agreement to transmit the subprocessors. This consent is conditional on the data importer complying with the requirements set out in the “Notification and Objection to New Contractors” section of the data protection authority. 1. The parties agree that in the event of termination of the provision of data processing services, the data importer and subcontractor, at the data exporter`s choice, return all personal data and copies to the data exporter, or destroy all personal data and confirm to the data exporter that it has done so. , unless the legislation imposed on the data importer prevents it from returning or destroying all or part of the personal data. Transmission.