Outsourcing Flashcards

1
Q

When a processor to which the Regulation applies is not established in the EU what must it do?

A

Designate a representative in the EU - Article 27

Unless: the processing it undertakes is occasional, does not include on a large scale processing of special categories of data or personal data relating to criminal convictions and offences, and is unlikely to result in a risk to the rights and freedoms of individuals

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What data protection law includes 10 specific requirements that affect data services outsourcing agreements?

A

German data protection law, Bundeedatenschurzgesetz BDSG?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the consequences of breaching Section 11 BDSG?

A

Fines of up to 50k euros, plus a potential deduction of profits that a party may have had as a result of the breach

For anyone who

(1) does not enter into a controller/processor agreement correctly, completely or in the prescribed way
(2) does not verify that the data processor’s technical and organisational processes are in place before the data processing is in place.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Are alternative contractual mechanisms possible?

A

Article 46(3) provides for the possibility of providing appropriate safeguards through contractual clauses approved by a competent data protection supervisory authority

Unlike the current standard contractual clauses adopted by the Commission, the alternative contractual clauses can be suitable for processor-to-processor data transfers

Success will largely depend on willingness of DPAs to approve different versions of these types of alternative contractual mechanisms

How well did you know this?
1
Not at all
2
3
4
5
Perfectly