Contract Processing
Contract processing by external service providers
Today, external service providers are increasingly used for the performance of tasks. In many cases, this means data transfer to third parties and represents a particular challenge from the point of view of data privacy. In order to find a pragmatic solution, the legislator has defined contract processing, whereby the external service provider can be handled like an internal department of the company. In terms of data privacy, this does not mean that data is transferred to third parties. However, this is linked to a number of obligations in order to guarantee the privacy of personal data.
We support you in complying with the legal requirements for contract processing, regardless of whether you are the client or the contractor. In addition, we support you in monitoring your contractors.
Contract Processing
Contract processing by external service providers
Today, external service providers are increasingly used for the performance of tasks. In many cases, this means data transfer to third parties and represents a particular challenge from the point of view of data privacy. In order to find a pragmatic solution, the legislator has defined contract processing, whereby the external service provider can be handled like an internal department of the company. In terms of data privacy, this does not mean that data is transferred to third parties. However, this is linked to a number of obligations in order to guarantee the privacy of personal data.
We support you in complying with the legal requirements for contract processing, regardless of whether you are the client or the contractor. In addition, we support you in monitoring your contractors.
Related Services
The data privacy documentation provides the framework for the concepts and processes to be implemented. It is divided into three levels: “guidelines”, “concepts” and “implementation documents”. Thus the legal documentation requirements can be covered. In addition, employees find orientation here with regard to data privacy requirements and regulations in their company.
An important component of data privacy is employee awareness. In companies, 2/3 of all security-relevant incidents – mostly unknowingly – are caused by the company’s own employees (from the management to the system administrators and IT specialists to the users).
The answer to questions such as “In which processing are personal data processed?” or “Who has access to the data processed within the processing?” is often not easy for those responsible – there is a lack of transparency about this.
A first step towards transparency is the collection of the relevant information on the individual processing operations, such as clarification of the legal basis, data transfer or technical and organisational measures to ensure data privacy.