As a data controller, you will often call in other parties or service providers to process personal data on behalf of your organisation. These parties, data processors, need to be bound by a data processing agreement (DPA) containing the terms under which the data processor will process personal data on your behalf.
According to article 29 of the GDPR, you need to check whether your third parties process data exclusively according to your agreement. This is important because, as a data controller, you are responsible and liable for your processors. Should something go wrong with one of your data processors, then data subjects whose personal data have been affected by this error can also hold you accountable.
With Privacy Nexus you can easily get a grip on your data processing agreements and the compliance of your third parties. By registering all data processors with whom a data processing agreement has been concluded, Privacy Nexus will allow you to automatically and periodically inquire about the current state of affairs of the agreement you have with these data processors. Data processors will be invited to fill out a short compliance survey via email, after which the answers will be available in your Privacy Nexus environment.
By monitoring your third-party relationships with Privacy Nexus, you’ll automatically create an overview which can be used to demonstrate that your organisation has indeed made efforts to keep an eye on its processors. Automating these checks on processors and other third parties can save you a considerable amount of time and money.