The Deputy Manager of treatment: the great forgotten one

The Deputy Manager of treatment: the great forgotten one

Are you a Deputy Treatment Manager, Are you a Deputy Treatment Manager, Are you a Deputy Treatment Manager?

If you don’t quite know what to answer, it is very likely that you are missing something on data protection.

If you provide services to customers that involve the processing of personal data for which they are responsible, this is of interest to you!

Definition of Subprocessor

Article 4 of the European Data Protection Regulation 679/2016(GDPR), sets out those definitions that are of interest for the purposes of understanding said Regulation, but this figure is not stated in this and the closest we have to define it, is in paragraph 8 of said article, which corresponds to the definition of “Processor processor”, which would be:

the natural or legal person, public authority, service or other body which processes personal data on behalf of the controller.”

In other words, if your client (Data Controller) hires your services and these involve the processing of personal data under his responsibility for a specific purpose that he has entrusted to you, your company would be his Data Processor.

But if, in order to provide such services, you need to rely on a supplier who also processes your customer’s data, we finally come to the sub-processor.

Example of Subcontractors

In August last year, the AEPD made public a resolution on a sanctioning process(PS- 00243-2023) in which a person made an online purchase in a department store, choosing home delivery to receive his order.

It should be noted that the delivery/transportation company was different from the one selling the product; in other words, we are dealing with a case where there is a Data Controller (company selling the product) and a Data Processor (delivery/transportation company).

In the investigation carried out by the AEPD, it was detected that the data processor had a verbal agreement with a sub-processor, who was the one who actually carried out the transport and delivery of the goods purchased online, without it being stipulated in any binding document between the parties, as established by the data protection regulations.

The sanction faced by the Data Controller for not having formalized his relationship with the Deputy Data Controller resulted in a penalty of 120,000 euros.

How to regulate the relationship with the Sub-Manager

We detail below the requirements that a Data Processor must comply with to regularize its relationship with sub-processors:

Article 28.2 of the GDPR

The Data Processor shall not use a Sub-processor without the prior written consent of the Controller.

In the same way, the Processor shall inform the Controller of any incorporation or substitution of Sub-processors, offering the Controller the possibility to oppose to it.

Article 28.4 of the GDPR

In the same way that the person in charge and the person in charge formalize their relationship in a contract, the latter must sign a contract with his or her sub-managers.

This contract will impose the same obligations that the Data Controller assumes in terms of data protection, in particular the implementation of appropriate technical and organizational measures to comply with the GDPR.

Responsibility of the Foreman for the actions of the Deputy Foreman

The Data Processor must take into account that if the Sub-processor fails to comply with its data protection obligations, it will be liable to its client or Controller.

Business Adapter® at your service

Regardless of whether you act as Responsible, Responsible or Sub Responsible, if you want us to draw up a contract to comply with the RGPD and avoid sanctions, contact us by email: info@businessadapter.es, you can also call 96 131 88 04, or leave your message in this form:

[su_button url=”https://businessadapter.es/contacto” target=”blank” background=”#f6f903″ color=”#181818″ size=”7″ center=”yes” icon_color=”#000000″]Contact us, we will be pleased to help you.[/su_button]

Contact us, we will be pleased to help you.
error: Content is protected !!