Commissioned data processing as the contractor
What must contractors consider for commissioned data processing?
Already since 2009, significantly intensified regulations have applied for awarding contracts in which the processing of personal data plays a role. Only after quite a long initial period did an extensive response to these new obligations occur. Shockingly often, however, these obligations are perceived solely as the duties of the customer. Service providers do not realize the risks, and also opportunities, that lie in properly conducted commissioned data processing (CDP).
In fact, the customer is primarily addressed and obligated to enter into a contract corresponding to § 11 BDSG and supervise the commissioned party. However, coming to the conclusion as the service provider that there’s no need to deal with such obligations, or that it’s better to ‘let sleeping dogs lie’, can have fatal consequences:
- § 9 BDSG stipulates the obligation to establish adequate technical and organizational measures also explicitly for the commissioned party, i.e. the contractor.
- Without a contract according to § 11 BDSG, there is frequently a transfer of data that is prohibited due to lacking the legal foundation. The stipulated contract is thus also a requirement for the contractor not to act unlawfully.
- Only those who are sufficiently prepared for the position of the contractor will pass the stipulated inspections quickly and remain interesting as a business partner for a potential customer.
- Only those who act proactively and provide customers their own acceptable solutions for commissioned data processing can avoid being confronted in conditions with completely different conceptions and contract samples. Whoever just waits here, will be faced sooner or later with inconsistent demands that everyone wants met.
- Properly implemented measures reduce the liability risk of being sued for damages by the customer or third parties in the case of a data protection incident.
Fit as the CDP contractor
The experts at activeMind AG gladly support you in the preparation of commissioned data processing, so that you as a company can attain targeted competitive advantages:
- We assist you in achieving an adequate data protection level and establishing adequate technical and organisational measures.
- We prepare you for inspections by potential customers. The goal is to avoid on-site inspections to the greatest extent possible via preferably well-documented data protection.
We help you with the preparation of your own agreements, especially on appropriate technical and organisational measures, which will be accepted by as many customers as possible. With this, only uniform requirements will be made of you during implementation.