PNO Controller role on Compliance service for clients based on ‘GDPR shared responsibility’ and when preferred by the client / Contractor accompanied by a Processing Agreement.
GDPR road-map:
1 – The combination of a signed contract (Dutch: Overeenkomst van Opdracht or OvO) on Advice – Management support together with the PNO Privacy Statement and PNO General Terms & Conditions will cover all liabilities with respect to the GDPR.
2 – Do not change the Privacy Statement and General Terms & Conditions.
3 – Make sure the contract covers a maximum liability.
When a client demands a Processing Agreement:
A – Follow 1,2 and 3 above.
B – Fill out a Processing Agreement, sign off, and send it to the client. A standard prefilled ‘Schedule 1 Processing Personal Data’ is available at ffiqs.
The Processing Agreement is a document the client must keep in its archive. Sometimes clients provide an own version of a Processing Agreement which must be checked by PNO Legal or the PNO DPO using email legal@pnoconsultants.com or gdpr@pno.group