For IT companies, it is absolutely imperative to know one’s Data Processing Agreement when working with classified information. According to EU data regulations, the agreement must include rules about the data controller’s explicit consent to use data processors, demands concerning the data controller’s choice to reverse or delete data, as well as increased demands for data security.
It must be clarified in the agreement that the data processor solely acts on the instructions provided by the data controller, and that the data processor must undertake various technical and organisational security precautions. These precautions are to safeguard against the following
Once the data controller hands over the processing of information to a data processor, the data controller must be able to guarantee that the data processor can undertake the correct technical and organisational security precautions. The data controller must also be able to demonstrate that this occurs. It is up to the data controller to actively ensure that the necessary security precautions are taken by the data processor. Moreover, in this context, it may be appropriate to undertake an annual audit, carried out by an independent third party.
This is where B4Restore makes a difference. We have extensive experience with Data Processor Agreements, including both design and accession. We make policy drafts, create frameworks, and build up your service level agreements accordingly.
Our ISO 27001 certification and our auditor’s ISAE 3000 service assurance statement provide our clients with a blueprint of our overall data security practice and commitment. The fact that we have obtained both ISO 27001 and ISAE 3000 documents that our clients’ business-critical and sensitive data is in safe hands, and that the data processing and management will meet both legal and auditing obligations - e.g.: