The European Commission may decide that the standard contractual clauses provide sufficient safeguards for data protection so that data can be transferred internationally. 11.1 The Processor may not transfer or authorise the transfer of data to countries outside the EU and/or the European Economic Area (EEA) without the prior written consent of the Company. Where personal data processed under this Agreement are transferred from a country within the European Economic Area to a country outside the European Economic Area, the Parties shall ensure that the personal data are adequately protected. To do this, unless otherwise agreed, the parties rely on EU-approved standard contractual clauses for the transfer of personal data. Otherwise, you may not make any changes to the CTCs unless they are adding additional warranties or clauses to business-related matters. You can add parties (i.e. importers or exporters of additional data) as long as they are also related to the SCCs. So far, it has published two sets of standard contractual clauses for the transfer of data controllers in the EU to controllers based outside the EU or the European Economic Area (EEA). Standard contractual clauses for data transfers between EU and third countries. Once the transition period to leave the EU has expired, the UK will be able to create its own CSCs for restricted transfers from the UK.
In the meantime, UK pilots can continue to use existing EU CTCs (valid on 31 December). See below for more details. This assessment is undoubtedly complex in many situations. The European Data Protection Board (EUROPEAN DATA PROTECTION BOARD) has published for consultation recommendations on measures to be taken to supplement the transfer instruments. We expect the final version to be released sometime in 2021. The recommendations (once completed) apply to the EU GDPR transfer regime and are only included here as a useful reference for additional measures. The ICO intends to publish its own guide on the subject in due course. 2.1.2 Not to process the Company`s personal data, unless it is documented instructions of the respective Company. (B) The Company wishes to subcontract certain services involving the processing of personal data to the Processor. 12.2 Notices.
6.2.1 immediately inform the Company if it receives a request from a data subject under a data protection law relating to the Company`s personal data; and 1.1.2 «Company Personal Data» means all Personal Data processed by a Processor on behalf of the Company under or in connection with the Master Agreement; 6.2.2 ensure that it does not respond to such request, except as documented by the Company or as required by applicable laws to which the Processor is subject, in which case the Processor shall inform the Company of such legal request to the extent permitted by applicable law before the Processor responds to the Request. 7.2 The Processor shall cooperate with the Company and take appropriate commercial measures mandated by the Company to help investigate, mitigate and remedy any personal data breach. 10 business days after the date of termination of services regarding the processing of the Company`s Personal Data (the «Termination Date»), delete and arrange for the deletion of all copies of such Company Personal Data. This Data Processing Agreement («Agreement») forms part of the Service Agreement («Master Agreement») between_______________________________________________________________ (the «Company») and_______________________________________________________________ (the «Processor») (collectively, the «Parties») 1.1.6 «EU Data Protection Laws» means EU Directive 95/46/EC as transposed into the national law of each Member State and from time to time other is amended, replaced or replaced, including by the GDPR and laws that implement or supplement the GDPR; 3. The Subcontractor-Subcontractor must take reasonable steps to ensure the reliability of all employees, agents or subcontractors of a Subcontractor who may have access to the Company`s personal data and must in any case ensure that access is strictly limited to persons who need to know/access the Relevant Personal Data of the Company, to the extent necessary for the purposes of the main contract. is absolutely necessary. and to comply with applicable laws in relation to that person`s obligations to the Processor and to ensure that all such persons are subject to professional or legal confidentiality obligations. 1.1.4 «Data Protection Laws» means the data protection laws of the EU and, where applicable, the data protection laws of another country; 5.1 The Processor shall not appoint (or transfer to) a Sub-Processor unless required or permitted by the Company. (D) Parties wish to define their rights and obligations. 1.1.8.2 a transfer of the company`s personal data from a processor to a sub-processor or between two entities of a processor in all cases where such a transfer would be prohibited by data protection laws (or by the terms of data transfer agreements established to meet data transfer restrictions of data protection laws); 6.1 Given the nature of the processing, the Processor shall assist the Company by implementing appropriate technical and organisational measures, to the extent possible, to fulfil the Company`s obligations, as reasonably understood by the Company, in order to respond to requests to exercise the rights of the data subject under data protection laws. IN WITNESS WHEREOF, this Agreement shall be effective from the date set forth below. 1.1 Unless otherwise defined herein, the capitalized terms and expressions used in this Agreement have the following meanings: 1.2 The terms «Commission», «controller», «data subject», «Member State», «personal data», «personal data breach», «processing» and «supervisory authority» have the same meanings as in the GDPR, and their related terms should be interpreted accordingly.
. . .
