Assign topic to the user
2. We have vendors on EU. And we provide them with personal data -contact details of citizens of EU. Which doc should we sign with them?
Answers:
1. It depends on what the legal basis for processing the CV is, if you choose to rely on consent then you need the consent of the data subject for you to keep the CVs as well as sending them to third parties which may act as controllers as regards to the data in their CVs. However if you rely on “contractual obligation” then you need to provide a Privacy Notice to the individuals which sends you their CVs and in this notice you should provide all the information required by EU GDPR art. 13 - Information to be provided where personal data are collected from the data subject (https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-are-collected-from-the-data-subject/ )
2. For the vendors which are acting as your processors you need to have in place a Data Processing Agreement/Addendum to regulate the processing activity they are performing on your behalf as well as for compliance with EU GDPR art. 28 – “Processors” (https://advisera.com/eugdpracademy/gdpr/processor/). The relevant document can be found in folder 7 of the EU GDPR Documentation Toolkit and is named “Supplier Data Processing Agreement”
Comment as guest or Sign in
May 24, 2018