Whether you are a data controller or work as an outsourcer, you have the same obligations in terms of data transparency, traceability and security. You are also required to comply with the new GDPR for all personal data transferred outside the European Union.
When sending data externally, you should adopt appropriate safeguards such as the use of binding corporate rules (BCR) and introducing standard Commission-approved data protection clauses in your contracts.
Consolidate your outsourcer contracts
Contracts between data controllers and outsourcers must contain binding clauses governing their mutual data protection responsibilities.
We can improve your standards, propose draft clauses or review agreements with your contractors to ensure that you are sufficiently protected.
Introduce shared liability agreements
If the data processing is shared, a contract is needed to determine the respective responsibilities of the parties. We can negotiate these contracts with you.
Guarantee safeguards for data transfers
Apart from specific circumstances when the authorities believe there is already sufficient protection in place, any data that leaves the European Union must be protected by you.
We can advise you on all data transfers outside the European Union and provide guidance when choosing which safeguards to apply.
For intra-group transfers , we will suggest internal rules for facilitating the transfer process.
How to deal with a data breach
Data breaches must be reported to the competent authority (the CNIL in France) and, in certain cases, to the data subjects concerned. Our office can provide support and representation in all your dealings with the CNIL.
GDPR: our lawyers support your business
The New Technologies/Intellectual Property team of our law firm will help you throughout the process of adapting your business to GDPR obligations and identifying your needs as a result.