Guest user Created: Feb 15, 2018 Last commented: Feb 15, 2018

Data Transfer Agreement

We are a small- sized processing company based in Switzerland, using suppliers/co-processors in the EU. I am going through the GDPR for DPO's training and want to quickly check my understanding. Am I right to assume that for EU suppliers we do not need a change of contract (relating to data transfer), whereas if we had suppliers from the US for example, we would need to formalize data transfer in form of a contract?

0 0

Assign topic to the user

Select user

Expert

Andrei Hanganu Feb 15, 2018

Answer:

If your suppliers are within EU/EEA there is no need for any safeguards regarding transfers so, no Data Transfer Agreement is needed between controllers and processor that are in the EU/EEA.

However, the Data Processing Agreement which is the legal binding document establishing the obligations of the processors may need to be changed as there are certain requirements that are new and not covered by the current Data Protection Directive. In terms of processor obligations you might find useful the following article on our website : “EU GDPR Controller vs. Processor – What are the differences” https://advisera.com/eugd pracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/.

To learn more about the EU GDPR and cross border data transfers see this free online training GDPR Foundations Course https://advisera.com/training/eu-gdpr-foundations-course//

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Feb 15, 2018

Expert Advice Community