IAPP recently submitted a draft data processing agreement as part of the upcoming book “Negotiating Data Processing Agreements.” For next month, comments on the draft will be adopted in order to continue to approve this agreement. This article discusses how data is processed, why it is needed, and some important provisions that it must contain. 9. Other definitions: other important defined concepts – such as “personal data” and “treatment” – must, if necessary, reflect the existing provisions of the existing legislation. 23 This approach is often preferred because the language required may supersede the primary agreement and data processing provisions may need to be amended from time to time to comply with changing laws. IAPP, supra Note 5, at 2-3. 22 For the purposes of developing and negotiating data processing contracts, lawyers must consider incidents of injury to be unavoidable or, at the very least, very likely. John Chambers, What Does the Internet of Everything Mean for Security?, World Econ. Forum (January 21, 2015) (“There are two types of businesses: those that have been hacked and those that do not yet know they have been hacked.”).
There are always at least two parties to a data processing contract and, as data protection experts, our goal should be to meet the strategic needs of all stakeholders, including signatories and, increasingly, downstream processors and the individuals themselves. When contracts involve personal data, it is important to consider the person`s point of view. Increased transparency requirements imposed by laws such as the EU`s General Data Protection Regulation and the California Consumer Privacy Act give individuals more transparency than ever about how their data is shared with multiple companies and the purposes. Ignoring consumer expectations, it is increasingly likely that there will be problems long after contracts have been negotiated and passed. 11. Compliance: Data processing agreements should not be seen as a mere processing platform and the parties should take into account the importance of effective compliance with these agreements. For this reason, the parties should strive to promote the simplicity and consistency of their data processing agreements. With a consistent organizational position on data protection, partnership agreements can be more open and collaborative. If you are truly informed of your organization`s priorities and practices, the effectiveness of the contracts will be greatly improved and the conditions will be met.