© 2021 admin

Agency Agreement Gdpr

Since HubSpot uses this agreement with many different controllers, the intro is very widespread. If you are the controller, you may want to be more specific and indicate the exact parties that are involved in each data processing agreement you have entered into. According to the GDPR, these are the obligations of the data processor (agency) towards the data controller (customer): there is an “easy to read” and “data” version of the clause, which takes into account different relationships and can be included either in the form of a separate agreement or in an existing customer/agency contract. The client or agency can only be relieved of its liability if it is able to prove that the damage is in no way due to it (for example. B if it results from data processing that is not carried out by him). That duration of the contract should include the staff of the processor as well as all temporary and temporary agency workers who have access to the personal data. Note that the agreement mentions employees, agents and contractors – a good way to cover all bases. IPA has also developed a number of data processing clauses in the form of an addendum. The addendum contains design notes that will help you tailor the clauses to your agency`s requirements. The addendum can be sent to your existing suppliers, as outlined in the Supplier Guide, and can also be used when negotiating and designing new supplier contracts. Please, be sure to read the supplier`s guidelines before using the add-on, as the guide contains important instructions on how to use the clauses contained in the addition.

First, describe the purpose of the agreement. Indicate the parties involved and what the GDPR data processing agreement must obtain. For example, if the Agency evaluates the Google Analytics clause in the privacy and cookies policy and the link to the provider`s privacy policy is incorrect, this is the responsibility of iubenda. However, if the agency adds Google Analytics, but the website uses another service, the burden falls on the Agency, unless the Agency proves to be exempt (e.g. .B. if the client has approved the documents or has expressly requested the inclusion of this clause). There are a number of different ways to conduct this verification process, and much depends on the number and complexity of the different supplier contracts entered into by your agency. It should be emphasized that compensation relieves the Agency of liability related to the “goodness” of iubenda`s products, and not of any liability. The 2015 version of the Model Creative Agency Contract contains a relatively short data protection clause to ensure an appropriate level of compliance with current data protection legislation. However, in view of the new contract requirements under the GDPR, the proposed data protection clause needs to be reviewed in the standard contract. Under the GDPR, there are other mandatory clauses regarding personal data that must be included in your agency`s contracts with your suppliers who process personal data for you. The conditions are much more detailed than those provided for by the current data protection legislation and are intended to ensure that the processing carried out by a provider meets all the requirements of the GDPR (and not only those relating to the security of personal data, as provided for in the current data protection legislation).

IPA has developed further guidelines for agency supplier contracts. The guide contains the recommended steps you should take to assess, prioritize, and modify your existing contracts with your agency`s suppliers in order to achieve a good level of GDPR compliance. . . .