ICO will verify compliance with the university`s privacy policies and practices in connection with Stanford projects. The role of the ICO is only advisory and the proposed adoption or modification of the conditions should not be considered as personal legal assistance. For more information, see the university`s research policy manual. There is no defined format for a data sharing agreement that can take different forms depending on the scale and complexity of the processing. However, the OIC recommends that a data-sharing agreement cover a number of points, including: according to the OIC, it is “good practice” to conclude a data-sharing agreement between those responsible for sharing and receiving data. A data sharing agreement helps the parties to be aware of the purpose of data disclosure and covers what happens to the data at each stage. It is essential that these agreements also constitute a useful tool for controllers to concretely demonstrate their accountability framework under the GDPR. In other words, while the GDPR does not require the use of data-sharing agreements, it is clear that regulatory authorities expect parties to data exchange agreements to have contractual documentation to demonstrate their respective responsibilities. This data processing agreement is adapted from the ProtonMail DPA that you will find on this page. Organizations can use the document below as part of their GDPR compliance. 3. Subcontractors The subcontractor takes appropriate measures to ensure the reliability of an employee, representative or contractor of a subcontractor who may have access to the company`s personal data and, in any case, ensures that access is strictly limited to persons who know /must have access to the relevant personal data of the company, to the extent necessary for the purposes of the main association The Policy Commission of the in order to comply with the laws in force relating to the obligations of this person towards the subcontractor and to ensure that all such persons are subject to confidentiality obligations or professional or legal obligations of confidentiality.
For joint controllers, the data sharing agreement can also be used to define the responsibilities of the bodies that share the data referred to in Article 26 of the GDPR. In accordance with Article 28(3)(b), the contract stipulates that the processor must require any person to whom it authorises the processing of personal data to comply with an obligation of confidentiality, unless that person is already required to do so by law. (C) the Parties shall endeavour to implement a data processing agreement that meets the requirements of the existing legal framework for data processing and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). . . .