Addendum Agreement Traduzione

Senior Partner, Dentons Europe Tax Law Firm – CIPP/E (Certified Information Privacy Professional / Europe It seems that there is no difference between a standard created by the owner and a standard established by the manager. In the end, it is always a contract whose minimum content is set by law: one party makes a proposal, the other considers it and, if there is adoption, the contract is concluded and the end result, that is, compliance with the obligation to sign a CCA, is obtained regardless of the origin of the basic text. However, we are talking about a standard: an agreement that the party that has proposed as such tends to regard as immutable because it already corresponds to its own reality. The appointment of external treatment managers is an obligation: there is no doubt and there are no exceptions. The person in charge of the processing, i.e. the individual or legal person, the public body, the service or any other body that handles personal data on behalf of the person in charge of the processing, must and must do so only on the basis of a “contract or other legal act under EU or contract law” that binds him to the person in charge of the processing and defines and regulates the processing activities he performs on his behalf. First of all, it should be stressed that the obligation to appoint those responsible for the treatment has always been essential: then the question arises as to why (it happened and will happen again) subjects who qualified as self-employed until 25 May 2018, and who suddenly claimed their role as manager (and vice versa) while pursuing the same treatment activities. To the question of whether the answer is generally “because the RGPD has come into force”: it is a pity that the RGPD not only does not have the merit of having introduced the obligation to designate those responsible for the treatment, but also to change the definition and characteristics of the numbers of the person in charge of the treatment and the person responsible for the treatment. In short, those responsible for today`s treatment, it was even earlier. A standard established by a processing manager also indicates, at best, all measures deemed necessary by the owner for the protection of personal data processed by the administrator: it is easy to understand that the administrator who wants to accept the task must adapt and accept the requirements set by the owner, including with regard to security measures. A standard prepared by a manager will at least not always be perfectly suited to the wishes and needs of the owner: it will tend to contain the measures already taken by the administrator and this will not necessarily be sufficient for the processing of personal data that the data responsible for processing entrusts to the administrator. But if he intends to use the specific responsibility for the treatment, it is likely that in this case it will be the owner, who will probably have to adapt and accept the measures that the administrator (not the owner) has deemed sufficient.

نمایش بیشتر

نوشته های مشابه

همچنین ببینید

بستن
دکمه بازگشت به بالا
بستن