Data processing within the meaning of the BDSG is the collection, processing or use of personal data by a service provider on behalf of the responsible office. Article 11 BDSG describes in detail which rights, obligations and measures are to be taken by a contract between the client (responsible body) and the contractor (service provider).
Sources: https://www.datenschutz-wiki.de/Auftragsdatenverarbeitung and https://en.wikipedia.org/wiki/Data_processing
As soon as a company commissions external service providers with the data processing, it is an order processing. The external data processing may occur, for example, in the following cases:
This short enumeration shows: In most cases, you will need an order processing contract whenever external service providers have access to your customers' personal data.
The Federal Data Protection Act defines personal data as individual information about the personal or factual circumstances of a specific or identifiable natural person (§ 3 Paragraph 1 BDSG).
In plain language: All data and information that can be used to establish a personal reference are personal data, including, for example, personal data:
Practical experience: If you use Google Analytics, you must enter into a corresponding contract with Google for the processing of order data. If you request the e-mail address of your customers for a newsletter to be sent (via your external newsletter provider), then personal data will be transmitted to your external service provider.
Section 11 para. 2 sentence 2 BDSG regulates which points must be regulated in the contract data processing agreement:
The GDPR also makes things easier: the contract processing agreement can also be made available electronically. If the contracts for Google Analytics use had to be sent to Ireland before the GDPR, one click in the administration interface is now sufficient to conclude the contract with Google. What is important here, however, is that the providers can document the contract conclusions and assign them to their customers.
You can find the order processing contract in your customer area: My data > Order processing.
By clicking on the small box, you agree to the order processing contract. Then click on the button "Create contract". The contract will then be sent to you at the e-mail address provided. Additionally you have the possibility to download the contract by clicking on the button "Download". The contract is stored here and can be downloaded again at any time.
We would like to point out that our website is for information purposes only and does not constitute legal advice. The content of this offer cannot replace a binding legal advice. All information is without guarantee of correctness and completeness.
Send an email