In recent years, data protection and privacy have been hot topics in lawmaking all over the world. The rise of tech giants like Facebook, Google, and Apple have lead to a public debate about the protection of our personal information and online privacy.
Policymakers worldwide have responded by creating a wide array of different laws that aim to ensure the protection of our data and privacy. The greatest example being the GDPR-directive, adopted in 2018 within the EU.
This massive directive has, amongst other things, created a lot of obligations for businesses. It has become evident over the past two years that businesses seem to struggle to implement these new obligations.
Data processing agreements
The GDPR directive has completely changed how businesses should handle their data processing.
One very specific obligation for businesses that work with personal data of people is the use of so-called Data Processing Agreements (DPAs). Chances are that your business handles data from a wide array of people, often without giving much thought to it.
Even holding a file of information such as telephone numbers, names and addresses of suppliers and clients leads to the application of the GDPR.
These agreements should make sure that in case of a breach, it can be determined which entity carries responsibility for the data protection.
A DPA regulates the scope and purpose of the data processing. The agreement should specify the rights and obligations of your business and the parties processing the data.
Why are these agreements so important?
The importance of DPAs is not solely that they are obligated under GDPR, and non-compliance thus leads to sanctions.
The main use of Data Processing Agreements is that they make sure that your business is not liable for any breach of the data processing law by your data processor or a third party.
In order to safeguard your business against any claim concerning a breach somewhere in the chain of data protection, your business should use data processing agreements.
Luckily, the EU itself provides a template your business can use.
Keep an eye on our blog for further tips and best practices your business can use to make sure you comply with the complicated data processing and privacy laws.