The European Union’s new General Data Protection Regulation (GDPR), regulates the processing by a company or an organization of personal data relating to individuals in the EU and has come into force since 25 May 2018.
As a responsible, forward-looking business, NLG recognizes the need to comply with the GDPR and, as a controller, has taken steps to ensure that effective measures are in place to protect the personal data of our customers, employees and other stakeholders, and to ensure that it is processed lawfully, fairly and transparently.
You act as a processor on our behalf for some of the personal data for which we are a controller and, as part of meeting our mutual legal obligations, we are required to have in place a data processing agreement (or similar contractual arrangement) with you.
With respect to the processing of personal data you perform on our behalf, this agreement is required to cover:
The subject matter and duration of the processing The nature and purpose of the processingThe type of personal data and categories of data subjectsAssistance with meeting our obligations and rights as a controllerRequired contractual termsIf not already present, we will be working with you to ensure that such an agreement is in place and that both parties’ legal responsibilities are fulfilled.
In this context, please provide a description of your planned actions and timelines for implementation for requirements that are not currently fulfilled.