Sign a data processing agreement — Sign a data processing agreement between your organization and any third parties that process personal data on your behalf
This includes any third-party services that handle the personal data of your data subjects, including analytics software, email services, cloud servers, etc. The vast majority of services have a standard data processing agreement available on their websites for you to review. They spell out the rights and obligations of each party for GDPR compliance. You should only use third parties that are reliable and can make sufficient data protection guarantees.
| Property | Value |
|---|---|
| Section | Accountability and governance |
| Owner | operator |
Mapped Controls
| Control | Title |
|---|---|
| SID-ORG-04 | Supplier and Third-Party Security |