(a) to process personal data only on behalf of the data exporter and in accordance with its instructions and clauses; if, for whatever reason, it is unable to comply, it undertakes to immediately inform the data exporter of its inability to comply, in which case the data exporter is authorized to suspend the transfer of data and/or terminate the contract; It has so far held responsible for two standard contractual clauses for the transfer of data from those responsible for processing in the EU to those responsible for processing outside the EU or the European Economic Area (EEA). In particular, standard clauses are often not suitable for a situation where complex processing of personal data is required. An organization, which is a single legal entity, could work on a branch structure and find itself in a difficult situation. The larger the company, the more difficult it will be, because a particular organization would require hundreds of clauses, both administrative and costly. On the other hand, small businesses may find the costs unattractive to the BBCR. In addition, the BBC does not cover transfers to third parties – other means are needed when the organisation transfers personal data outside its group. Many argue that the more complex the installation, the greater the degree of vulnerability and the more vulnerable a company becomes to injury. 1. The data importer cannot conclude any of its processing operations carried out on behalf of the data exporter on behalf of the clauses without the prior written consent of the data exporter. If the data importer signs its obligations under the clauses with the agreement of the data exporter, it does so only through a written agreement with the subprocessor, which imposes the same obligations on the subprocessor as those imposed on the data importer under the clauses. If the subcontractor does not comply with its data protection obligations under such a written agreement, the data importer is fully liable to the data exporter for the performance of the subprocessing obligations arising from this agreement.
As a result of our discussions on data transfers and standard contractual clauses, I learned that the customer does not even have appropriate data protection agreements with their local suppliers. Fortunately, we were able to resolve this issue quickly by signing data security agreements by all of the customer`s creditors. Whether your company or any of its suppliers is subject to the RGPD, your company must nevertheless take appropriate steps to protect its data. The impact of your company`s omission can be considerable. The European Commission may decide that standard contractual clauses provide sufficient data protection guarantees so that data can be transferred internationally. The BBC is a mandatory code of conduct for a group of companies that engages in the same economic activity. They allow the transfer of personal data to third countries and require a licence. The BFR approval mechanism is becoming easier with the application of the General Data Protection Regulation.