Earlier on in June 2021, the European Commission adopted a document setting out standard clauses which must be used in executing contracts for processing of personal data, to become valid and binding as of 27 June (…)

“In practice, however, the possibilities of using such rights may prove somewhat illusory. The more entities involved in processing, the easier it is to dilute responsibility. A catalogue of basic duties which, as a bare minimum, must be stipulated in the data controller’s contract with the entity entrusted with such data’s processing is already laid down in the GDPR. Significantly enough, however, these provisions were informed by regulatory and technical realities from the early 2000s. Formally speaking, this new decision does not introduce any new requirements; it does, meanwhile, create instruments which should enable meeting the current ones, and demonstrating compliance with the rules as they now are”, explains Marcin Maciejak, associate with GESSEL.

The full text of this article is available (in Polish) in Rzeczpospolita. If you are interested in an English-language version or in discussing the issues raised herein with one of our lawyers, please contact: kontakt@gessel.pl.