GDPR ASSESSMENT OF SUBCONTRACTING
The GDPR (General Data Protection Regulation) requires a company that outsources the processing of personal data to a processor (the "subcontractor" in the sense used here) to use only processors that provide sufficient guarantees of an adequate level of data protection. In practice this means the company must assess its processors' compliance with the GDPR before engaging them and throughout the engagement.
To assess subcontractor compliance, the company must:
- Identify subcontractors who process personal data on their behalf.
- Review existing subcontracting agreements to ensure they contain all the mandatory clauses the GDPR requires in a processing agreement (subject matter and duration of the processing, nature and purpose, type of personal data, categories of data subjects, and the processor's obligations).
- Request that subcontractors provide information about their personal data processing practices, such as the security measures in place, their privacy policies, their data retention practices and their use of further sub-processors.
- Verify that subcontractors have implemented appropriate technical and organizational measures to protect the personal data they process on behalf of the company.
- Verify that subcontractors are able to support requests from data subjects exercising their rights, such as the rights of access, rectification, erasure and objection.
- Regularly assess subcontractor compliance and conduct on-site audits if necessary.
- Maintain records of processing activities that include information on sub-processors and the status of their compliance.
In short, the company must make sure that its subcontractors comply with the GDPR in order to avoid personal data breaches and to maintain the trust of its customers.
The profiles of the company's subcontractors for the processing of personal data may vary depending on the company's activities and data processing needs. Here are some examples of common subcontractor profiles:
- IT service providers that manage the company's IT systems, including data centers, cloud providers, network managers, backup service providers, technical support service providers, etc. In short, every partner that has access in one way or another to the company's personal data, which can quickly add up to a large number of parties.
- Marketing service providers who manage online marketing campaigns, including advertising agencies, digital marketing agencies, ad targeting solution providers, email marketing service providers, social media managers, etc.
- Payment service providers that handle the company's financial transactions, including banks, online payment service providers, mobile payment solution providers, etc.
- HR service providers that manage employees' personal data, including payroll service providers, accounting firms, payroll management solution providers, recruitment firms, benefits management service providers, and the training organizations commissioned to develop employees' skills, as well as the firms entrusted with annual interviews, audits and skills assessments, etc.
- Customer data processing service providers that handle the personal data of the company's customers, including call centers, survey management service providers, sales data processing service providers, delivery companies, etc.
It is important for the company to identify every subcontractor that processes personal data on its behalf and to ensure that each one guarantees an adequate level of data protection, as required by the GDPR. Note that not every party listed above necessarily acts as a processor: a provider that determines its own purposes and means for the data it receives (a bank settling a transaction, for example) is an independent controller, bound by the GDPR directly rather than through the company's processing agreement, and the assessment should establish which role each party actually plays.