<iframe src="//www.googletagmanager.com/ns.html?id=GTM-5T7PGR" height="0" width="0" style="display:none;visibility:hidden">


Checklist for a Controller and Processor Agreement under GDPR

Posted by on Oct 31, 2018 12:55:49 PM

One of the requirements of the EU General Data Protection Regulation (GDPR) is that controllers of personal data have written contracts with each of their processors, meaning the people and entities processing personal data on the controller's behalf. 


The GDPR also sets out a list of requirements of what must be covered in a contract with a processor.

Download our checklist to see whether your controller-processor agreements cover all of the required points.

Download Checklist  Controller & Processor  Agreement

Interested in this hot topic?

Join us at our Privacy Breakfast on 5 December 2018

"How to deal with a data breach"

Almost daily there are media reports of data loss, theft or unauthorised access. According to the Gemalto Breach Level Index, there are more than 7 million data breaches worldwide every day. Only 4% of compromised data is encrypted.

Data breaches can be a breach of contract and lead to claims for damages. They can also trigger reporting obligations to the authorities and possibly obligations to inform the affected individuals, with the possibility of substantial sanctions if a report is not filed. The EU General Data Protection Regulation (GDPR) contains such reporting and information obligations.  

According to the GDPR, companies are generally obliged to report personal data breaches to the competent authority within 72 hours of becoming aware of a breach. Depending on the type of incident, the individuals concerned may have to be informed as soon as possible.

Internal processes for detecting, investigating and reporting violations are indispensable in order for a company to meet these requirements.

Over a light breakfast, we would like to discuss best practices for such processes and how to proceed based on a short case study.

This privacy breakfast is intended for people that are interested in data protection, in particular internal data protection officers, legal counsels or compliance officers. Registrations from practicing peers from other law firms will not be considered.

Interested? Register by 28 November 2018 by clicking here.

For any further questions, please contact our specialists Nicola Benz, Ronald Kogens and Cornelia Mattig.


If you liked this article, you might be interested in reading:

Checklist Privacy Policy according to the GDPR, by Nicola Benz and Cornelia Mattig

Simple in Theory, complex in Practice: The dual Role as Controller and Processor under the General Data Protection Regulation, by Nicola Benz and Ronald Kogens 

Check for GDPR Compliance and receive a customised List of next Steps for free, by Ronald Kogens and Nicola Benz


Photocredit: pexels/rawpixels.com

Topics: | Data Protection

Name 13

Nicola Benz

Nicola’s practice is focused on technology and life sciences transactions. She assists technology companies of all sizes, from start-ups to established players, as well as investors, suppliers and customers across a broad range of industries and sectors. Nicola’s expertise covers outsourcing, licensing, joint ventures and collaborations and associated intellectual property issues. She also has considerable experience advising on all types of commercial contracts, competition and regulatory issues and data protection. Nicola is recognised as a globally leading patent and technology licensing lawyer, as well as a leading practitioner in the field of intellectual property. Chambers Europe (2018) ranked her as leader in the fields of Intellectual Property and Life Science, and she was recommended in the 2017 edition of the Legal 500 EMEA for Intellectual Property as well as TMT matters. She has also been named as a thought leader for data law in the publication "Who's Who Legal 2018". Born in Scotland, Nicola obtained her law degree from the University of Edinburgh (LLB Hons) in 1997. She joined our firm as an associate in 2002 and became a partner in 2010. Since 2017 she has been the managing partner of our firm. Her working languages are English and German. Nicola is a member of the Zurich Bar Association, the International Trademark Association (INTA), the Licensing Executives Society (LES) and the International Technology Law Association (iTechLaw).

Connect with me:
Name 13

Ronald Kogens

Ronald’s practice is focused on disruptive technologies. He advises Swiss and international clients as well as public entities in corporate and technology-related transactions. Ronald has in-depth knowledge of IP/IT law, in particular licensing of IP-rights, IP-transaction, financial market and contract law. He is an expert in the field of blockchain technology, crypto-currencies and crypto-tokens. Before he joined Froriep in 2017, he worked for a major global consulting firm. He was also part of the legal counsel team of a public listed pharmaceutical company at the headquarters in Switzerland and worked for its subsidiary in the United States. Ronald graduated in law from the University of Lucerne in 2011 and was admitted to the St. Gallen Bar in 2012. In 2016 he was awarded a Master of Laws (LL.M.) in business law from the Chapman University, California, United States. His working languages are German and English.

Connect with me: