Data Protection: GDPR Data Processing Agreement

A GDPR data processing agreement is a contract required between data controllers and data processors to ensure that each is appropriately handling personal data. A data controller is a person who owns the personal data, for example, a business that has collected client information. A data processor is someone who uses the data for them, for example, to create and send marketing emails.

If you are asking whether you need a data processing agreement, the chances are you probably do. While the GDPR requires that you have an agreement between data controllers and processors in place, it also makes sense to have a contract that protects both parties.

GDPR sets out many minimal requirements which ensure that a series of checks and balances protect data subjects. These are primarily between the data controller and data processor and offer a significant amount of protection for everyone involved.

Aside from protecting the data controller if any data is mishandled, a data processing agreement should also stipulate that they have used due diligence in their selection of a data handler.

As a result of some of the requirements in the contract, data controllers must only give companies or individuals access to their data if they are credible and capable.

An example of this might be if you hired a marketing agency to run an email campaign. A credible and capable handler would only use your data on your campaign, while someone less credible might be less trustworthy with the information you share with them. Putting an agreement in place makes sure that they are also GDPR compliant.

Another example may be a parking company that manages the ANPR system to capture plates, then passes your plate data to the owner of the car park to manage parking enforcement. The plate is passed to DVLA to get the owner details, and the parking enforcement team then has access to customer information.

A data processing agreement also protects you should the worst happen and you experience a data breach, and it shows that you have put measures in place to protect your data subjects. So, for example, if you use a third-party service to take online payments and they suffer a breach, a data processing agreement would go some way to showing that you had taken steps to be GDPR compliant.

6SGlobal recommends that businesses of all sizes, even the smallest, should make sure that all of their data processing agreements are fit for purpose. If you require expert help, we also recommend implementing a GDPR Maturity Assessment to assess the security of your data.
