The RGPD defines specific obligations and contractual requirements that must be met, including the relationship between the controller and the transformer. In other cases where the recipient of the data is another person responsible for processing and not a common person responsible for processing, it is up to the processing manager to jointly determine the data necessary to comply with the provisions of the RGPD and protect the privacy of individuals. The data processor takes appropriate steps to ensure that personal data is accessible and accessible only by authorized staff, that direct access to database data is limited, and that application access rights are established and enforced to ensure that those authorized to use a data processing system have access only to the personal data to which they have access; and that during processing, personal data cannot be read, copied, modified or deleted without permission. The data processor takes appropriate steps to implement an access policy that only allows authorized personnel access to their system environment, personal data and other data. Note that the commitments are not very specific. Rather, this clause functions as a general statement requiring the person in charge of the processing to follow the agreement and comply with the law. 11.1 The subcontractor may not transfer or authorize the transfer of data to countries outside the EU and/or the European Economic Area (EEA) without the company`s prior written consent. When personal data processed under this agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, the parties ensure that personal data is adequately protected. To do so, contracting parties, unless otherwise agreed, rely on standard contractual clauses approved by the EU for the transfer of personal data. In this agreement, "customer" means "data responsible," since Questback is the processor for other companies and those other companies are Questback`s customers and data managers in the relationship. For the agreement to be effective, the parties must agree that it is feasible and achievable.
Both parties will have to sign it. While the agreement focuses on data processing, the obligations of the processing manager must also be clarified. EZTicket is a data processor that processes personal data on behalf of the charity. 10.3.