Are you a processor?

Whenever you process personal data for your client, e.g. as a cloud provider, outsourced data centre, IT service provider with the ability to access personal data, as a letter or mailing shop and much more, the provisions of the General Data Protection Regulation (GDPR) on commissioned processing (Art. 28 GDPR) apply. This entails a wide range of obligations. But it is not only the GDPR itself that requires you to comply with certain data protection requirements. Your client also often expects you to comply with data protection law beyond the scope of what is already required by the GDPR. Your client does this because he also has clients who expect him to only use subcontractors who adhere to their specifications. This can lead to a chain of contracts that impose the same specifications as the OEM on all intermediary service providers, right down to the last supplier. If you want to keep your contracts, you should therefore take data protection seriously. As a processor, THALES is also there to help you in word and deed. Please feel free to contact us at any time.