A processor is a third party or colleague project beneficiary which processes (personal) data for a Controller. A (sub) processor is bound to a Processing Agreement in which roles and rights of Data Subject, Controller and Processor are laid down.
When PNO works for a client, this Client has the legal task to have a processing agreement on file. When PNO hires a third party, PNO has the task to archive a processing agreement.
When PNO works in a Consortium most times there are no clients but users/participants. When PNO hires a third party, PNO has the task to archive a processing agreement. When PNO shares project data with other beneficiaries, roles/rights must be written down in the consortium agreement, the annex and/or a processing agreement. In case of doubt use a processing agreement.
For a processing agreement, schedule 1 must be filled out and for this, a DPIA (light) has to be performed.
| In any case specify: | ||
| 1 | The nature and purpose of the Processing activities | What, why, when |
| 2 | The type of Personal Data | Listing/grouping |
| 3 | The categories of Personal Data | For business/project admin lowest risk For ffiqs/Marketing medium risk because of volume |
| 4 | The categories of Data Subjects | Business/project staff Website/channel user |
| 5 | The categories of Personal Data recipients | Other PNO B.V.s Government / consortium partners, Processors and (sub) Processors |