IN THIS CHAPTER

Understanding why you need data processing and Data Sharing Agreements

Creating and communicating your agreements

What to expect if you don’t comply

When transfers of personal data are made between organizations — from data controller to data processor, from joint controller to joint controller, or from data controller to data controller — certain safeguards need to be put in place to ensure that the recipient organization protects the personal data disclosed to it as required by the GDPR. This chapter looks at the arrangements that must be in place before making such transfers.

I cover the concept of data processors in Chapter 5. The GDPR requires that you, as a data controller, enter into a written agreement (a Data Processing Agreement) containing the mandatory provisions set out in Article 28 of the GDPR with each of your data processors. I discuss those requirements here.

Chapter 5 also covers the concept of joint controllers. The GDPR sets out certain matters that must be agreed on between the joint controllers and communicated to the data subjects. I also discuss those matters here.

Finally, ...