Given the complexity of the task, it is advisable to have a data processing agreement as a separate document. It regulates the specifics of data processing, such as the scope and purpose, as well as the relationship between these actors. In addition, it assigns certain obligations required by the regulation. When a subcontractor acts outside the instructions of the treatment manager to decide the purpose and means of treatment, he is considered responsible for the treatment of that treatment and assumes the same responsibility as a person responsible for the treatment. The agreement requires the subcontractor to take all necessary security measures to meet treatment safety requirements (see Article 32). 2. Where a person concerned is unable to claim, under paragraph 1, a claim for compensation against the data exporter resulting from a data breach by the importer of data of one of its obligations covered by paragraph 3 or 11, because the data exporter has effectively disappeared or no longer exists or has become insolvent, the data importer agrees that the person concerned can appeal to the data importer , as if it were the data exporter, unless a successor organization has assumed, by contract or by law, all of the legal obligations of the data exporter, in which case the person concerned can assert its rights against that entity. The data importer must not invoke a breach of its obligations by a subcontractor processor in order to avoid its own commitments. The person in charge of the processing is the person or company that determines the conditions for processing the data.

In software development, it`s a customer. A data processor is a person or company that processes data on behalf of a processor in accordance with the instructions of the processor. When outsourcing, he is an entrepreneur. In this context for the contractual rate, Article 28, paragraph 3, establishes other provisions that will most likely appear as specific provisions in a data processing agreement. This includes: “Accredited Affiliates” refers to all of your affiliates that (i) are allowed to use subscription services in accordance with the agreement, but who have not signed a separate agreement with us and are not a “customer” within the meaning of the agreement, (ii) are responsible for the personal data we process and (iii) are subject to EU data protection legislation.