SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Documents required of a Data Processor

  Quote
Guest
Richard Cope Created:   Mar 01, 2022 Last commented:   Mar 03, 2022

Documents required of a Data Processor

American company doing business in Europe as a Data Processor.  Of your Premium data set, what documents do we need to fill out?

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Tudor Galos Mar 03, 2022

In this case, there is an export of personal data from Europe to the United States. So you need to use a Personal Data Transfer Mechanism – in this case, I would recommend the Standard Contractual Clauses, Controller-to-Processor. You also have a procedure for managing these transfers in the directory 09- Personal Data Transfers.
 
However, in light of the European Union Court of Justice decision that invalidated the Privacy Shield Mechanism, the decision also known as Schrems II, data controllers must request non-EU data processors to provide additional technical and organizational measures to offer the same level of protection for the exported personal data, as it is given under GDPR. You must check whether your company is subject to FISA 702 in the US, and see how you can protect the personal data of your customers from being accessed by US authorities. For this, you should help your customers perform a Data Protection Impact Assessment, especially since you are processing special categories of personal data (health data). In directory 08 – Data Protection Impact Assessment you can find a methodology for DPIA.
 
You can find more details about the EUCJ Schrems II decision and its implications: https://edpb.europa.eu/sites/default/files/consultation/edpb_recommendations_202001_supplementarymeasurestransferstools_en.pdf

Tudor Galos
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 01, 2022

Mar 03, 2022

Suggested Topics

Guest user Created:   Oct 28, 2021 EU GDPR
Replies: 1
0 1

Questions for GDPR

Guest user Created:   Dec 24, 2020 EU GDPR
Replies: 2
0 0

GDPR Documentation and PII