We are a small- sized processing company based in Switzerland, using suppliers/co-processors in the EU. I am going through the GDPR for DPO's training and want to quickly check my understanding. Am I right to assume that for EU suppliers we do not need a change of contract (relating to data transfer), whereas if we had suppliers from the US for example, we would need to formalize data transfer in form of a contract?
Assign topic to the user
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Expert
Andrei Hanganu
Feb 15, 2018
Answer:
If your suppliers are within EU/EEA there is no need for any safeguards regarding transfers so, no Data Transfer Agreement is needed between controllers and processor that are in the EU/EEA.
However, the Data Processing Agreement which is the legal binding document establishing the obligations of the processors may need to be changed as there are certain requirements that are new and not covered by the current Data Protection Directive. In terms of processor obligations you might find useful the following article on our website : “EU GDPR Controller vs. Processor – What are the differences” https://advisera.com/eugd pracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/.
To learn more about the EU GDPR and cross border data transfers see this free online training GDPR Foundations Course https://training.advisera.com/se/eu-gdpr-foundations-course//
Comment as guest or Sign in
Feb 15, 2018
Feb 15, 2018
Feb 15, 2018