Data processing agreement
Data processing agreement
Data processing agreement
According to Article 28 of the General Data Protection Regulation (GDPR), a person who processes personal data on behalf of a controller is a processor. The controller and the processor must enter into a so-called data processing agreement, which regulates, among other things, how the processor performs its activities, what security measures it must take for the affected personal data, and what control rights the controller may exercise over the processor.