It doesn`t matter. These contract manufacturers, brokers, agents and resellers all count as suppliers and must be part of your assessment of third-party agreements. A step-by-step guide for compliant third-party agreements. This hidden danger? Third-party agreements. The truth is that they can make or break your data protection implementation. That depends. Where such third-party contracts involve the processing of personal data, companies must ensure compliance with the RGPD. Companies must conduct a thorough review of their contracts and make appropriate changes to comply with the PDPP. This means that you should be able to send your personal data in a common format (for example. B of a calculation table) either to them or to a designated third party.
This may seem unfair from a commercial point of view, as you may need to hand over your customers` data to a competitor. But from a privacy point of view, the idea is that people own their data, not you. Organizations that employ at least 250 people or conduct high-risk data processing are required to maintain an up-to-date and detailed list of their processing activities and to be prepared to submit the list to the on-demand screening authorities. The best way to demonstrate compliance with the DMPP is to use a data protection impact assessment Organizations with fewer than 250 people should also conduct an assessment, as this facilitates compliance with other PDMP requirements. You should include in your list: the purposes of the processing, the type of data you process, who has access to it in your organization, third parties (and where they are) who have access to what you do to protect the data (for example. B encryption), and when you intend to delete them (if possible). The first step in this process is to create and update an inventory of updates and data security and protection requirements. You can then use this database to perform a similar scan of each of your lender contracts.