Data Processing Agreement

What is a Data Processing Agreement?

Since January 2016, parties who enter into an outsourcing process with each other in which personal data are processed, have to record a so-called Data Processing Agreement (DPA). This agreement arises from the Personal Data Protection Act (with linked to the Data Breach Notification Act). This processor agreement refers to a so-called “processor” and a “controller”.

In case you let Expansion handle the processing of your privacy-sensitive data – such as, for example, the digital management of your pension or HR files – Expansion is the processor and you, as our customer, are the controller. Data protection boards such as the Autoriteit Persoonsgegevens (AP) in The Netherlands) has not only made an agreement as such mandatory: the agreement must also meet a number of strict requirements.

Expansion Data Processing Agreement provides security for all parties

Formally, the responsibility for concluding the Data Processing Agreement lies with the owner of the data. Expansion offers its customers as a service the possibility to use a standard agreement. Naturally, this agreement meets the requirements of the Dutch Data Protection Authority.

Together with you, we irrefutably determine who exactly can do what, how that process proceeds and who is responsible for what. Then there can no longer be any misunderstanding: with Expansion you are guaranteed from a reliable party that processes and manages sensitive data in your order in a correct and verifiable manner.

At Expansion we understand the processes, bottlenecks and sensitivities regarding (the processing of) privacy-sensitive (digital) data and we offer our customers – literally black on white – the assurance that everything is complete, controlled and according to the rules. It is not without reason that we have been a specialist in well thought-out solutions and services for digital document management for more than 30 years. a>

Requirements for Data Processing Agreements

The Expansion Data Processing Agreement is clear and complies in content with all requirements that the Dutch Data Protection Authority places on such an agreement, such as:

1. the agreement specifically concerns the data processing by Expansion as processor.
2. The obligations that Expansion has to its customers, but also vice versa, are clearly laid down in the agreement, which includes everything concerning the processing, the type of data, the purpose of the processing, the duration of the storage and the security measures taken. .
3. In the agreement with its customers, Expansion guarantees that all appropriate technical and organizational measures are taken to protect our customer’s data.
4. The agreement states how you as our customer can check us for compliance with the agreement, optionally using the services of an external expert party.
5. All our Data Processing Agreements explicitly state that the Expansion employees involved are bound by a duty of confidentiality.
6. If other parties are involved in the services (‘sub processors’), then provisions about this are also included in the agreement.

For Expansion, these requirements are no more than a logical set of conditions for effective, stable and reliable cooperation: clear and controllable for all involved.

Purpose of Data Processing Agreements

Drawing up a Data Processing Agreement between Expansion and you as our customer has an underlying purpose. That goal is not so much to (only) comply with laws and regulations. The real goal is that you are sure that Expansion handles your privacy-sensitive data in a confidential and reliable manner. After all, without that certainty you immediately run a business risk. Data could be lost or reach rogue, unauthorized persons or agencies. There could be data breaches. In all cases, this can lead to major (intangible and / or image) damage to your company.

Expansion gives you the guarantee that you have insight into all aspects of our services. You know where you stand; You know that Expansion will do everything technically and organizationally in its power to ensure that the data processing runs smoothly for you. And the great thing is that you can check it or have it checked, because at Expansion we value transparency. No hidden conditions or covered terms: we offer you clarity and guarantees.

Expansion takes its responsibility and shares with you the responsibility for adequate and proper information management. A clear and workable Data Processing Agreement is an essential part of this.

Do you want to know more about Data Processing Agreements or more specific about our standard format?