ODO24 Logo
ODO24 Logo
ODO24 Logo
GDPR questions and answers

GDPR: QUESTIONS AND ANSWERS

Category:
Data Processing

Do I need to obtain the client's consent to pass their data to a processor?

ANSWER

If the controller must use the services of another external entity and will therefore pass its clients' personal data for processing to that external entity, it should conclude a data processing agreement. A data processing agreement is required when personal data are passed, for example, to an accounting office or to an external IT company. Upon conclusion of the data processing agreement, the controller passes clients' personal data to that company and it processes them on the terms arising from the agreement itself. The data controller is not obliged to collect consents from clients for passing data to the company to which it entrusts data for processing. The controller's obligation is however to provide data subjects (clients) with the content of the information obligation (GDPR clause), where Article 13(1)(e) GDPR lists recipients of data. The entity processing personal data on behalf of the controller will be such a recipient. It should therefore be included in the information clause and provided to clients.

Show all
PreviousNext

Read also:

07 June 2026

TikTok a RODO w sektorze publicznym – czego urzędy mogą dowiedzieć się z niemieckich zaleceń dla instytucji

29 May 2026

Kontrola służbowej poczty e-mail pracownika a tajemnica przedsiębiorstwa - kiedy pracodawca może legalnie przejrzeć skrzynkę?

14 May 2026

Czy pracodawca może opublikować zdjęcie pracownika? Wykorzystanie wizerunku pracownika na gruncie RODO i prawa autorskiego

RODO Migawki

Bezpłatny e-learning dla pracowników

Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.
Passing client data to a processor — is consent required? | ODO 24 | ODO 24