{"id":18112,"date":"2022-06-20T11:57:45","date_gmt":"2022-06-20T10:57:45","guid":{"rendered":"https:\/\/www.rosello-mallol.com\/?p=18112"},"modified":"2023-04-27T11:45:14","modified_gmt":"2023-04-27T10:45:14","slug":"gdpr-compliance-provider-control","status":"publish","type":"post","link":"https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/","title":{"rendered":"GDPR compliance and provider control in 4 steps"},"content":{"rendered":"\n<p>The hiring of providers with access to personal data owned by our company is an undeniable fact and, over time, has been consolidated and expanded to include any type of organization, from the smallest to the largest. Therefore, <strong>some steps must be followed for GDPR compliance and provider control.<\/strong><\/p>\n\n\n\n<p>In April\u2019s <a href=\"https:\/\/www.rosello-mallol.com\/en\/differences-data-transfer-commissioning\/\">post<\/a> we focused on the difference betw<strong>een this access to data and the transfer of data to third parties<\/strong> (nothing to do with each other). Today, however, we want to expand on this and <strong>give to you the keys to understanding what to do to comply with the GDPR<\/strong> when a provider has access, for example, to the data of our customers, employees, leads, etc. By following these steps and asking these questions, you will be able to have a correct GDPR compliance and provider control.<\/p>\n\n\n\n<p>Before this, however, some of the common cases of providers with data access are:<\/p>\n\n\n\n<ul>\n<li>CRM or ERP applications or softwares hosted in the cloud.<\/li>\n\n\n\n<li>Platforms for sending and managing email marketing campaigns.<\/li>\n\n\n\n<li>External backups.<\/li>\n\n\n\n<li>Employee time control applications or programs.<\/li>\n\n\n\n<li>Computer maintenance services.<\/li>\n\n\n\n<li>Labour management.<\/li>\n<\/ul>\n\n\n\n<p>So let&#8217;s go through the 4 steps that must be followed to ensure access to the data by these providers, among others, complies with the GDPR:<\/p>\n\n\n\n<ol>\n<li><span style=\"text-decoration: underline;\">Clearly specify the data they can access and for what purpose.<\/span><\/li>\n<\/ol>\n\n\n\n<p>One of your essential tasks as data controller is to ensure that these providers (data processors) <strong>access only the necessary data to provide the service<\/strong> and that the purpose of such access to the data is clearly identified. Providers, therefore, will never be able to access more data than they need to provide the service or exceed the purpose for which they have been given access to the data.<\/p>\n\n\n\n<ol start=\"2\">\n<li><span style=\"text-decoration: underline;\">Check the location of the provider and, more importantly, whether they outsource part of the contracted service<\/span><\/li>\n<\/ol>\n\n\n\n<p><strong>Very important<\/strong>. When reviewing compliance with the GDPR by the provider, you must ascertain the location from which they provide the service and, therefore, &#8220;where&#8221; the personal data to which they have access will go. Procurement of providers from outside the EU has special requirements (see Point 3).<\/p>\n\n\n\n<p>Also, find out whether the chosen provider subcontracts part or all of its services, and again, where these subcontractors are located. As the controller, you must know the subcontractors and also authorize subcontracting by contract.<\/p>\n\n\n\n<ol start=\"3\">\n<li><span style=\"text-decoration: underline;\">Providers outside the EU.<\/span><\/li>\n<\/ol>\n\n\n\n<p>Globalization in the provision of services, especially digital, has made it possible for them to be provided from virtually anywhere in the world. What is easy for business can also be a challenge for compliance with the GDPR because it may, in practice, mean that personal data is hosted outside the EU. This fact, <strong>which is not forbidden<\/strong>, does imply that <strong>you must have or meet special requirements<\/strong>. Again, it depends on where this provider is located and, based on that:<\/p>\n\n\n\n<ol>\n<li>If it is located in what is considered an <a href=\"https:\/\/commission.europa.eu\/law\/law-topic\/data-protection\/international-dimension-data-protection\/adequacy-decisions_en\" target=\"_blank\" rel=\"noreferrer noopener\">appropriate<\/a> territory by the European Commission, treat the provider as if it were established within the EU.<\/li>\n<\/ol>\n\n\n\n<ol start=\"2\">\n<li>Otherwise, the most common thing will be to have the provider sign one of the model <a href=\"https:\/\/ec.europa.eu\/info\/law\/law-topic\/data-protection\/international-dimension-data-protection\/standard-contractual-clauses-scc\/standard-contractual-clauses-international-transfers_en\">contract<\/a>s prepared by the EU for this purpose.<\/li>\n<\/ol>\n\n\n\n<p><span style=\"text-decoration: underline;\">4. Ensure that you apply security measures.<\/span><\/p>\n\n\n\n<p>The application of appropriate security measures to the type of data processed <strong>is one of the basic obligations of data controllers<\/strong>. In this sense, it is usually common practice for processors to complete provider questionnaires to verify compliance with regulations. <\/p>\n\n\n\n<p>This is a widespread and useful practice in this regard. The measures range from the duty to report security incidents, keeping an up-to-date record of activities to the need to carry out an adequate risk analysis on the data processed. Measures must be tailored to each type of provider and process.<\/p>\n\n\n\n<p><span style=\"text-decoration: underline;\">Final recommendation:<\/span><\/p>\n\n\n\n<p>Last but not least: you must check that the relationship with the provider is regulated in a written contract or under certain conditions, which include at least the four points detailed above.<\/p>\n\n\n\n<p>The absence of a contract, in addition to implying a breach of the GDPR, is a clear risk for both parties when it comes to clearly delimiting the responsibilities of each one in the processing of personal data.<\/p>\n\n\n\n<p>If you need more information about this or any other issue, please don&#8217;t hesitate to contact us:<\/p>\n\n\n\n<div class=\"wp-block-contact-form-7-contact-form-selector\">\n<div class=\"wpcf7 no-js\" id=\"wpcf7-f13645-o1\" lang=\"en-US\" dir=\"ltr\">\n<div class=\"screen-reader-response\"><p role=\"status\" aria-live=\"polite\" aria-atomic=\"true\"><\/p> <ul><\/ul><\/div>\n<form action=\"\/en\/wp-json\/wp\/v2\/posts\/18112#wpcf7-f13645-o1\" method=\"post\" class=\"wpcf7-form init mailchimp-ext-0.5.72\" aria-label=\"Contact form\" novalidate=\"novalidate\" data-status=\"init\">\n<div style=\"display: none;\">\n<input type=\"hidden\" name=\"_wpcf7\" value=\"13645\" \/>\n<input type=\"hidden\" name=\"_wpcf7_version\" value=\"5.9.3\" \/>\n<input type=\"hidden\" name=\"_wpcf7_locale\" value=\"en_US\" \/>\n<input type=\"hidden\" name=\"_wpcf7_unit_tag\" value=\"wpcf7-f13645-o1\" \/>\n<input type=\"hidden\" name=\"_wpcf7_container_post\" value=\"0\" \/>\n<input type=\"hidden\" name=\"_wpcf7_posted_data_hash\" value=\"\" \/>\n<input type=\"hidden\" name=\"_wpcf7_recaptcha_response\" value=\"\" \/>\n<\/div>\n<p><label> Name (required) <span class=\"wpcf7-form-control-wrap\" data-name=\"your-name\"><input size=\"40\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required uk-input\" aria-required=\"true\" aria-invalid=\"false\" value=\"\" type=\"text\" name=\"your-name\" \/><\/span> <\/label>\n<\/p>\n<p><label> Email (required) <span class=\"wpcf7-form-control-wrap\" data-name=\"your-email\"><input size=\"40\" class=\"wpcf7-form-control wpcf7-email wpcf7-validates-as-required wpcf7-text wpcf7-validates-as-email uk-input\" aria-required=\"true\" aria-invalid=\"false\" value=\"\" type=\"email\" name=\"your-email\" \/><\/span> <\/label>\n<\/p>\n<p><label> Contact phone (telephone contact) <span class=\"wpcf7-form-control-wrap\" data-name=\"telefon\"><input size=\"40\" class=\"wpcf7-form-control wpcf7-text uk-input\" aria-invalid=\"false\" value=\"\" type=\"text\" name=\"telefon\" \/><\/span> <\/label>\n<\/p>\n<p><label> Message <span class=\"wpcf7-form-control-wrap\" data-name=\"your-message\"><textarea cols=\"40\" rows=\"5\" class=\"wpcf7-form-control wpcf7-textarea uk-textarea\" aria-invalid=\"false\" name=\"your-message\"><\/textarea><\/span> <\/label>\n<\/p>\n<p><span class=\"wpcf7-form-control-wrap\" data-name=\"aceptacion-RGPD\"><span class=\"wpcf7-form-control wpcf7-acceptance\"><span class=\"wpcf7-list-item\"><label><input type=\"checkbox\" name=\"aceptacion-RGPD\" value=\"1\" aria-invalid=\"false\" \/><span class=\"wpcf7-list-item-label\">I read and accept the <a href=\"https:\/\/www.rosello-mallol.com\/en\/policy-privacy\/\" target=\"_blank\">Privacy Policy<\/a><\/span><\/label><\/span><\/span><\/span><br \/>\n<label><br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"acceptance-360\"><span class=\"wpcf7-form-control wpcf7-acceptance optional\"><span class=\"wpcf7-list-item\"><label><input type=\"checkbox\" name=\"acceptance-360\" value=\"1\" aria-invalid=\"false\" \/><span class=\"wpcf7-list-item-label\">I agree to receive the newsletter.<\/span><\/label><\/span><\/span><\/span><br \/>\n<input class=\"wpcf7-form-control wpcf7-submit has-spinner uk-button uk-button-primary\" type=\"submit\" value=\"Send\" \/><\/label>\n<\/p><p style=\"display: none !important;\" class=\"akismet-fields-container\" data-prefix=\"_wpcf7_ak_\"><label>&#916;<textarea name=\"_wpcf7_ak_hp_textarea\" cols=\"45\" rows=\"8\" maxlength=\"100\"><\/textarea><\/label><input type=\"hidden\" id=\"ak_js_1\" name=\"_wpcf7_ak_js\" value=\"25\"\/><script>document.getElementById( \"ak_js_1\" ).setAttribute( \"value\", ( new Date() ).getTime() );<\/script><\/p><div class=\"wpcf7-response-output\" aria-hidden=\"true\"><\/div><p style=\"display: none !important\"><span class=\"wpcf7-form-control-wrap referer-page\"><input type=\"hidden\" name=\"referer-page\" value=\"http:\/\/Direct%20Visit\" data-value=\"http:\/\/Direct%20Visit\" class=\"wpcf7-form-control wpcf7-text referer-page\" aria-invalid=\"false\"><\/span><\/p>\n<!-- Chimpmatic extension by Renzo Johnson -->\n<\/form>\n<\/div>\n<\/div>\n\n\n\n<h6 class=\"wp-block-heading\">Information on data protection<\/h6>\n\n\n\n<p><small><strong>Company name<\/strong><br>LEGAL IT GLOBAL 2017, SLP<br><\/small><small><strong>Purpose<br><\/strong><\/small><small>Providing the service.<br><\/small><small>Sending the newsletter.<br><\/small><small><strong>Legal basis<br><\/strong>Compliance with the service provision.<br>Consent.<br><\/small><small><strong>Recipients<\/strong><br>Your data will not be shared with any third party, except service providers with which we have signed a valid service agreement.<\/small><br><small><strong>Rights<\/strong><br>You may access, rectify or delete your data and exercise the rights indicated in our Privacy Policy.<\/small><br><small><strong>Further information<\/strong><br>See the&nbsp;<a href=\"https:\/\/www.rosello-mallol.com\/en\/policy-privacy\/\" target=\"_blank\" rel=\"noreferrer noopener\">Privacy Policy<\/a>.<\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The hiring of providers with access to personal data owned by our company is an undeniable fact and, over time, has been consolidated and expanded to include any type of organization, from the smallest to the largest. Therefore, some steps must be followed for GDPR compliance and provider control. In April\u2019s post we focused on [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":18108,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[246],"tags":[449,522,439,395,1124,396,967,1127,394,1128,575,1126],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>GDPR compliance and provider control in 4 steps | Rosell\u00f3 Mallol<\/title>\n<meta name=\"description\" content=\"I explain the 4 steps to follow for GDPR compliance and the provider control that have access to personal data, very important nowadays\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GDPR compliance and provider control in 4 steps | Rosell\u00f3 Mallol\" \/>\n<meta property=\"og:description\" content=\"I explain the 4 steps to follow for GDPR compliance and the provider control that have access to personal data, very important nowadays\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/\" \/>\n<meta property=\"og:site_name\" content=\"Rosell\u00f3 Mallol\" \/>\n<meta property=\"article:published_time\" content=\"2022-06-20T10:57:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-04-27T10:45:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/business-g167ea7bff_1280.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"960\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marketing\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@vic_rosello\" \/>\n<meta name=\"twitter:site\" content=\"@vic_rosello\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marketing\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GDPR compliance and provider control in 4 steps | Rosell\u00f3 Mallol","description":"I explain the 4 steps to follow for GDPR compliance and the provider control that have access to personal data, very important nowadays","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/","og_locale":"en_US","og_type":"article","og_title":"GDPR compliance and provider control in 4 steps | Rosell\u00f3 Mallol","og_description":"I explain the 4 steps to follow for GDPR compliance and the provider control that have access to personal data, very important nowadays","og_url":"https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/","og_site_name":"Rosell\u00f3 Mallol","article_published_time":"2022-06-20T10:57:45+00:00","article_modified_time":"2023-04-27T10:45:14+00:00","og_image":[{"width":1280,"height":960,"url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/business-g167ea7bff_1280.jpg","type":"image\/jpeg"}],"author":"Marketing","twitter_card":"summary_large_image","twitter_creator":"@vic_rosello","twitter_site":"@vic_rosello","twitter_misc":{"Written by":"Marketing","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/#article","isPartOf":{"@id":"https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/"},"author":{"name":"Marketing","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/54fe3a9119386ad1ec22a0f09bc21147"},"headline":"GDPR compliance and provider control in 4 steps","datePublished":"2022-06-20T10:57:45+00:00","dateModified":"2023-04-27T10:45:14+00:00","mainEntityOfPage":{"@id":"https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/"},"wordCount":796,"publisher":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#organization"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/business-g167ea7bff_1280.jpg","keywords":["Data Protection","EU","European Union","gdpr","GDPR compliance","gdpr compliant","LOPD","provider control","RGPD","security measures","startups","suppliers"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/","url":"https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/","name":"GDPR compliance and provider control in 4 steps | Rosell\u00f3 Mallol","isPartOf":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/#primaryimage"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/business-g167ea7bff_1280.jpg","datePublished":"2022-06-20T10:57:45+00:00","dateModified":"2023-04-27T10:45:14+00:00","description":"I explain the 4 steps to follow for GDPR compliance and the provider control that have access to personal data, very important nowadays","breadcrumb":{"@id":"https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/#primaryimage","url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/business-g167ea7bff_1280.jpg","contentUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/business-g167ea7bff_1280.jpg","width":1280,"height":960,"caption":"GDPR compliance and provider control"},{"@type":"BreadcrumbList","@id":"https:\/\/www.rosello-mallol.com\/en\/gdpr-compliance-provider-control\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Inici","item":"https:\/\/www.rosello-mallol.com\/en\/"},{"@type":"ListItem","position":2,"name":"GDPR compliance and provider control in 4 steps"}]},{"@type":"WebSite","@id":"https:\/\/www.rosello-mallol.com\/en\/#website","url":"https:\/\/www.rosello-mallol.com\/en\/","name":"Rosell\u00f3 Mallol","description":"Despatx advocats experts en TIC i Protecci\u00f3 de dades","publisher":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.rosello-mallol.com\/en\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.rosello-mallol.com\/en\/#organization","name":"Rosell\u00f3 Mallol - Advocats especialistes en dret digital","url":"https:\/\/www.rosello-mallol.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/logo-definitiu-web.png","contentUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/logo-definitiu-web.png","width":4000,"height":736,"caption":"Rosell\u00f3 Mallol - Advocats especialistes en dret digital"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/twitter.com\/vic_rosello","https:\/\/www.instagram.com\/rosellomallol\/","https:\/\/www.linkedin.com\/in\/victorrosello\/","https:\/\/www.youtube.com\/channel\/UCxcqAdksWzsEaZ5UYoFJd0Q\/featured"]},{"@type":"Person","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/54fe3a9119386ad1ec22a0f09bc21147","name":"Marketing","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/c298f7002ea52eec3d8a408ed8ef4fdf?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c298f7002ea52eec3d8a408ed8ef4fdf?s=96&d=mm&r=g","caption":"Marketing"},"url":"https:\/\/www.rosello-mallol.com\/en\/author\/marketing\/"}]}},"jetpack_featured_media_url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/business-g167ea7bff_1280.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts\/18112"}],"collection":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/comments?post=18112"}],"version-history":[{"count":0,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts\/18112\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/media\/18108"}],"wp:attachment":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/media?parent=18112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/categories?post=18112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/tags?post=18112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}