What is a privacy statement, and what is the difference from a data protection agreement?
When processing personal data, you are obliged to do so in a transparent manner. This means that you must inform the data subjects about the processing in an accessible and understandable way, for example through a privacy statement or policy. A privacy statement provides information to the data subject on the type of personal data that is processed, for which purposes, the legal basis for processing, which rights the data subjects have, which data processors are used, and so on.
A data processing agreement, on the other hand, is intended to ensure that privacy regulation is complied with if a data controller chooses to outsource its data processing (as almost everyone does today). The agreement is entered into by the data controller and his IT provider, who will be the data processor. It is particularly important to ensure that the data controller can instruct the data processor, to ensure compliance.
Contact us if you need help setting up, or you are considering, a privacy statement or data processing agreement.