Fantastic Support

When do I need a data processing agreement?

What is data processing (DP)?

Data processing within the meaning of the BDSG is the collection, processing or use of personal data by a service provider on behalf of the responsible office. Article 11 BDSG describes in detail which rights, obligations and measures are to be taken by a contract between the client (responsible body) and the contractor (service provider).

 

Sources: https://www.datenschutz-wiki.de/Auftragsdatenverarbeitung and https://en.wikipedia.org/wiki/Data_processing

Do I need a data processing agreement?

As soon as a company commissions external service providers with the data processing, it is an order processing. The external data processing may occur, for example, in the following cases:

 

 

  • Your website is managed by an external host (usually the case).
  • You use external newsletter providers for marketing campaigns
  • You use Google Analytics
  • You commission companies to maintain your software and hardware
  • You use remote maintenance software
  • Your payroll accounting is carried out by an external service provider.

 

This short enumeration shows: In most cases, you will need an order processing contract whenever external service providers have access to your customers' personal data. 

What is personal data?

The Federal Data Protection Act defines personal data as individual information about the personal or factual circumstances of a specific or identifiable natural person (§ 3 Paragraph 1 BDSG).

 

In plain language: All data and information that can be used to establish a personal reference are personal data, including, for example, personal data:

 

 

  • Name
  • Address
  • Email Address
  • Telephone number
  • IP Addresses
  • Account details
  • etc. 

 

Practical experience: If you use Google Analytics, you must enter into a corresponding contract with Google for the processing of order data. If you request the e-mail address of your customers for a newsletter to be sent (via your external newsletter provider), then personal data will be transmitted to your external service provider.

What is regulated in the data processing agreement?

Section 11 para. 2 sentence 2 BDSG regulates which points must be regulated in the contract data processing agreement:

 

 

 

  • the subject matter and duration of the contract,
  • the scope, nature and purpose of the proposed collection, processing or use of data,
  • the nature of the data and the group of data subjects,
  • the technical and organisational measures to be taken in accordance with § 9,
  • the rectification, erasure and blocking of data,
  • the contractor's obligations under paragraph 4, in particular the checks to be carried out by the contractor,
  • any entitlement to establish subcontracting relationships,
  • the control rights of the client and the corresponding obligations of the contractor to tolerate and cooperate,
  • any infringements to be reported by the contractor or persons employed by him against regulations for the protection of personal data or against the stipulations made in the order,
  • the scope of the powers of instruction which the Customer reserves vis-à-vis the Contractor,
  • the return of data carriers provided and the deletion of data stored by the contractor after completion of the order.

 

 

 

Do the data processing agreements have to be concluded in writing?

The GDPR also makes things easier: the contract processing agreement can also be made available electronically. If the contracts for Google Analytics use had to be sent to Ireland before the GDPR, one click in the administration interface is now sufficient to conclude the contract with Google. What is important here, however, is that the providers can document the contract conclusions and assign them to their customers. 

 

Where can I find the order processing contract at checkdomain?

You can find the order processing contract in your customer area: My data > Order processing.

By clicking on the small box, you agree to the order processing contract. Then click on the button "Create contract". The contract will then be sent to you at the e-mail address provided. Additionally you have the possibility to download the contract by clicking on the button "Download". The contract is stored here and can be downloaded again at any time.

This information is not legal advice!

We would like to point out that our website is for information purposes only and does not constitute legal advice. The content of this offer cannot replace a binding legal advice. All information is without guarantee of correctness and completeness.

Was this article helpful?

Thank you very much for your review!

Thank you very much for your review!

You have already rated this item.

Thank you for your time.

Do you require assistance?

Support

Telephone support

Companies that trust us

Other products you might be interested in
Website Builder
Create your own website without any programming knowledge.
Create a Website
Webhosting
Concentrate fully on your project! Performance and security included.
Rankingoach
Optimize your Web site and achieve top rankings.
Website optimization
SSL Certificates
For your site, more safety protect yourself from hacker attacks.
Quickly protect