PNO Controller role on Advice – Management support for clients based on ‘GDPR Shared responsibility‘. Examples: advice and/or assistance on innovation financing (WBSO, MIT, etc.), portfolio -, program – and/or project management (most EU project work).
GDPR road-map:
1 – The combination of a signed contract (Dutch: Overeenkomst van Opdracht or OvO) on Advice/Management support together with the PNO Privacy Statement and PNO General Terms & Conditions will cover all liabilities with respect to the GDPR.
2 – Do not change the Privacy Statement and General Terms & Conditions.
3 – Make sure the contract covers a maximum liability.
When a client demands a Processing Agreement:
A – Follow 1,2 and 3 above.
B – Fill out a Processing Agreement, sign off, and send it to the client. A standard prefilled ‘Schedule 1 Processing Personal Data’ is available for various financing mechanisms at gdpr@pno.group.
PS Perhaps include schedules here.
The Processing Agreement is a document the client must keep in its archive. Some clients use (procurement) policies that demand an agreement in which case PNO assumes the role of Processor. Sometimes clients provide an own version of a Processing Agreement which must be checked by PNO Legal or the PNO DPO using email legal@pnoconsultants.com or gdpr@pno.group.