To ensure compliance with the GDPR, when engaging a processor, the controller should use only processors providing who sufficient guarantees, in particular in terms of expert knowledge, reliability and resources, to implement technical and organisational measures which will meet the GDPR's requirements, including for the security of processing.
The carrying-out of processing by a processor must be governed by a contract or other legal act under Union or Member State law, which binds the processor to the controller. The contract must set out the subject matter and duration of the processing, the nature and purposes of the processing, the type of personal data and categories of data subjects, taking into account the specific tasks and responsibilities of the processor in the context of the processing to be carried out and the risk to the rights and freedoms of the data subject.
In the GDPR compliance app you must setup your processor details in Data Mapping and then maintain any contracts in the Processors section.
The content herein is provided for your convenience and does not constitute legal advice.
Compliance Technology Solutions B.V. 2018