A processor is a third party or colleague project beneficiary which processes (personal) data for a Controller. A (sub) processor is bound to a Processing Agreement in which roles and rights of Data Subject, Controller and Processor are laid down.
When PNO works for a client, this Client has the legal task to have a processing agreement on file. When PNO hires a third party, PNO has the task to archive a processing agreement.
When PNO works in a Consortium most times there are no clients but users/participants. When PNO hires a third party, PNO has the task to archive a processing agreement. When PNO shares project data with other beneficiaries, roles/rights must be written down in the consortium agreement, the annex and/or a processing agreement. In case of doubt use a processing agreement.
For a processing agreement, schedule 1 must be filled out and for this, a DPIA (light) has to be performed.
|In any case specify:|
|1||The nature and purpose of the Processing activities||What, why, when|
|2||The type of Personal Data||Listing/grouping|
|3||The categories of Personal Data||For business/project admin lowest risk|
For ffiqs/Marketing medium risk because of volume
|4||The categories of Data Subjects||Business/project staff|
|5||The categories of Personal Data recipients||Other PNO B.V.s|
Government / consortium partners, Processors and