A processor (i.e., the party that collects and records the original data and determines what to do with it) should enter into a contract, when a data processor is involved, to ensure that the data processor complies with its legal obligations and fully protects the personal data it processes on behalf of the processor and the rights of the people whose data is processed. However, depending on the severity and nature of the injury, there are two levels of fines. Fines imposed on the RGPD for breaches of data processors are generally covered by the first stage, whose guidelines can be as serious as 10 million euros or 2% of global turnover. In any case, it is much less painful to sign a data processing agreement and to comply with the terms than to pay a penalty from the RGPD. We hope this guide will help. Other easy-to-digest helps for RGPD compliance can be accessed in our RGPD checklist. ☐ the subcontractor must ensure that data processing persons are subject to a duty of trust; For more information on products and data processing conditions, see privacy.google.com/businesses/compliance. In many cases, when an organization wants to process personal data, it is preferable to entrust the processing to an external contractor, especially when it is complex and requires expertise or a system. Google provides appropriate data processing conditions for certain products that include the data processing services listed below. The term „treatment“ appears in this article with a repugnant frequency. In the definitions of the RGPD Treatment essentially refers to everything, what you can do with a person`s personal data: collect, store, monetize, destroy, etc. 126.96.36.199, transmit personal data from the contract subcontractor to a subcontractor or between two entities of a contract processor, at least when such transmission would be prohibited by data protection laws (or by the conditions of data transfer agreements introduced to remedy data protection restrictions imposed by the Data Protection Act); ☐ given the nature of the processing and the information available, the subcontractor assists the processing manager in carrying out his RGPD obligations with respect to processing security, notification of personal data breaches and data protection impact analyses; (C) The parties are working to implement a data processing agreement in line with the requirements of the current legal framework for data processing and the 2016/679 European Parliament and Council 27 April 2016 on the protection of individuals in the processing of personal data and the free movement of personal data and repealing Directive 95/46/EC (General Data Protection Regulation).