EU GDPR

1. Can you give me some info sources for the formulation of such a contract, if I do not have the personal names?

Answer:

Personal Data is any information which is related to an identified or identifiable natural person. For example, the telephone, credit card or personnel number of a person, account data, number plate, appearance, customer number or address are all personal data so, as you can see is not only limited to names.

The document you are referring to is commonly referred to as a Data Processing Agreement in and is required under art. 28 of the GDPR.

You can find readily available templates for such a document in our EU GDPR Documentation Toolkit (https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/).

2. Does the data processing itself only guarantee that my application treats the data in accordance with DSGVO or does it run as I claim?

Answer:

You as the owner of the app and as a processor of personal data need to ensure that you are processing personal data in a way that is compliant with the EU. This is the purpose behind a Data Processing Agreement to give comfort to the data controller that you will be processing data in a compliant manner.

3. Do I have to protect the software itself as I would have to protect data?

Answer:

You need to ensure that your software has adequate safeguards in place to protect the personal data that is being processed. The safeguard will vary depending on the types and categories of personal data. Article 32 of the GDPR provide some examples such as anonymization and pseudonymization.