vi) help the data controller to comply with the requirements for the security of personal data, note that the agreement mentions employees, representatives and subcontractors – a good way to cover all the bases. A processor may not process the data in a manner contrary to data protection rules, even on the instructions of the data controller. In this way, both parties should comply with data protection standards. Every company and every business agreement is different and your GDPR data processing agreement may vary depending on the type of data processing. However, some general clauses apply to most situations. 10.3. The processor will ensure that all staff members of the processor who are necessary to access the personal data are required to comply with the obligation of confidentiality set out in the agreement or to be subject to a legal obligation of confidentiality. 9.2. Where a data controller originates in a country (with the exception of an EEA country) with one or more laws that impose restrictions or prohibitions on data transmission and the data controller has informed the processor of such restrictions or prohibitions on data transmission, the controller and the processor shall ensure that there is an appropriate transmission mechanism (meeting the country`s data transmission requirements). data transmission).

as reasonably requested by the data controller and before the data controller`s data is transferred or accessed outside that country, and is mutually agreed between the two parties. For the avoidance of doubt, this transmission restriction does not apply to the data controller or authorized users of its affiliated companies who have access to the data controller`s software and data, and the processor is not responsible for the actions of the data controller or authorized users of its affiliated companies. . . .