Do I need a data processing agreement (DPA) with PlainStaff?
Problem
You want to know whether, for data protection reasons, you need a data processing agreement (DPA; German: AVV) with PlainStaff, and what terms this agreement should contain.
Solution
- Yes, as a customer of PlainStaff you need a data processing agreement (DPA) in accordance with the GDPR, as PlainStaff processes personal data for you as a processor.
- Request a draft DPA directly from PlainStaff support.
- The DPA contains the following important components:
  - Technical and organisational measures (TOM) for data protection
  - Information on the location of data processing and corresponding data protection provisions
  - Regulations on subcontractors and their data protection compliance
- Check the draft DPA for the following points:
  - Completeness of the technical and organisational measures
  - Clear information on the place of data processing (particularly important for processing outside the EU)
  - Clear regulations regarding subcontractors (consent requirement or possibility of objection)
- In the case of subcontractors with data processing outside the EU (e.g. USA), you should pay attention to corresponding additional agreements such as standard contractual clauses (SCC).
Further information
- PlainStaff will provide all necessary documents such as the draft DPA and the technical and organisational measures (TOM) on request.
- Special data protection regulations must be observed for data processing outside the EU.
- For certain subcontractors (e.g. payment service providers such as Stripe), special regulations may apply in accordance with Art. 49 para. 1 a) GDPR, which require the express authorisation of the client.
- The DPA supplements the existing contract with PlainStaff and does not need to be concluded separately.
Related topics
- Data protection in PlainStaff
- Technical and organisational measures (TOM)
- International data transfer and GDPR
- Dealing with subcontractors
- Standard contractual clauses (SCC) for international data processing
Category: Data protection & legal