2.4 Digitalocean processing of personal data. As a processor, DigitalOcean processes personal data only for the following purposes: (i) processing for the performance of services in accordance with the agreement; (ii) the treatment to complete all the necessary steps to carry out the contract; and (iii) other appropriate customer instructions, as long as they comply with the terms of this Agreement and only in accordance with the Customer`s documented legal instructions. The parties agree that this data protection authority and the agreement require full and definitive instructions from the Client to DigitalOcean regarding the processing of personal data and the processing outside the scope of these instructions (if any) requires prior written agreement between the customer and DigitalOcean. What does my company need to do to ensure compliance? First, identify each relationship your company has with suppliers, customers, subcontractors or contractors, agents, resellers, distributors, etc., in which you provide them with personal data or in which you are dividing personal data. Second, for each of these relationships, identify whether you are the data manager or you are the data processor. Depending on the answer, you would like to agree on a slightly different data clause – as the data manager, you will inevitably want to transfer as many loads as possible to the data processor, but as the data manager, you want the processor to be fully responsible for compliance with the law. Finally, it is established that there is a written contract between the two parties. If there is an existing contract, you must accept a change to that contract (which, in principle, should not be a problem, as the other party should also be interested in amending the contract in order to comply with the RGPD). If you do not have an existing contract, you must enter into a written agreement to ensure that the agreement contains the necessary data clause. Depending on the timetable, you may be able to use the „standard clauses” published by the European Commission or the UK government. All contracts that you enter into that contain a personal data stream should include an appropriate data clause that corresponds to the RGPD. Q-AsMune company doesn`t really care about written contracts – is that a problem? Ignore the broader questions, not record a written agreement, and focus exclusively on the data elements – the answer is: „It`s important.” If you use a subcontractor to process personal data (including basic data such as a person`s name and contact information) on your behalf, or if you are a subcontractor working under the orders of a processing manager, there must be a brief written agreement.
