Do not enter into data processing agreements without specific reasons for doing so, just because GDPR provides for financial penalties.
Businesses using outsourcing providers strive to make sure these relations are GDPR-compliant. In recent months we have seen them produce a great number of data processing contracts. However, when it comes to actual practice, companies find it very difficult to determine if such a contract is indeed necessary in their specific circumstances. Creating a proper framework for the controller-processor relationship in the domain of personal data is a fundamental issue because if data is processed in breach of GDPR, the controller will be liable for the resulting damage even if he has contractually outsourced its data processing responsibilities. The article gives some practical examples with guidance for businesses who face the challenge of implementing GDPR in their operations. For the full article by Zofia Brylińska – Karpicz, our legal counsel, see Rzeczpospolita on-line, the Dobra Firma weekly and here.