For a controller to use a processor, it must ensure that the processor can meet the requirements stated in Art. 28 GDPR. This means that the controller, for example, only could choose a processor that can guarantee to implement appropriate technical and organisational measures in such manners that the processing still meets the requirements of GDPR.
The controller must also ensure that a data processing agreement between them and the processor are being signed. The agreement needs to comply with the requirements stated in Art. 28 (3).
Schrems II – Expert Legal Advise
Act with confidence today. Our experts are here to help you manage the Schrems II requirements. Measured and practical solutions. Support through the entire process. Transfer impact assessment. Dealing with supervisory authority. Enforcement action. Defending legal claims. Track record with leading European startup, mid-size companies and listed global enterprises.
Get a quote today from the business law firm Sharp Cookie Advisors