General Data Protection Regulation (GDPR)

Retain focus on the Data Processing Agreement

For IT companies, it is absolutely imperative to know one’s Data Processing Agreement when working with classified information. According to EU Data regulations, content must include rules about the data controller’s explicit consent to use data processors, demands concerning the data controller’s choice to reverse or delete data, as well as increased demands for data security.

Data processing agreement

 

How do you deal with a Data Processing Agreement?

It must be clarified in the agreement that the data processor solely acts on the instructions provided by the data controller, and that the data processor must undertake various technical and organisational security precautions. These precautions are to safeguard against the following

 

  • Information being accidentally or illegally destroyed, lost or compromised
  • Information being passed on to unauthorized persons or misused
  • Information being processed in violation of the personal data confidentiality law

 

Once the data controller hands over the processing of information to a data processor, the data controller must be able to guarantee that the data processor can undertake the correct technical and organisational security precautions. The data controller must also be able to demonstrate that this occurs. It is up to the data controller to actively ensure that the necessary security precautions are taken by the data processor. Moreover, in this context, it may be appropriate to undertake an annual audit, carried out by an independent third party.

 

We can help

This is where B4Restore makes a difference. We have extensive experience with Data Processor Agreements, including both design and accession. We make policy drafts, create frameworks, and build up your service level agreements accordingly.

 

 

Contact us

We provide next generation data security
 

ISO 27001 certified

 

 

 

ISO certificeret storage og backupleverandør

 

 

ISAE 3000 auditors IT statement

Control, Continuity and Confidence

Our ISO 27001 certification and our auditor’s ISAE 3000 service assurance statement, provide our clients with a blueprint of our overall data security practice and commitment. The notion that we have obtained both ISO 27001 and ISAE 3000, documents that our clients’ business critical and sensitive data is in safe hands, and that the data processing and management will meet both legal and auditing obligations - e.g.:

 

  • Separation of duties
  • Risk management
  • Employee safety
  • Physical security
  • Access control
  • Logical security
  • Operational reliability
  • 24x7 surveillance

 

 

Contact us to learn more