ODO24 Logo
ODO24 Logo
ODO24 Logo
GDPR questions and answers

GDPR: QUESTIONS AND ANSWERS

Category:
DPO Challenges

Should an employer sign a processor agreement with an occupational healthcare provider?

ANSWER

Between the employer and the occupational healthcare provider, no personal data processing agreement under Article 28(3) GDPR is concluded. In this respect, that entity — an organizational unit of the occupational medicine service — is an independent personal data controller pursuing its own purposes of processing personal data. The sharing (not entrustment) of employee data should be regulated by the parties in the main contract concluded between the employer and that entity.

Show all
PreviousNext

Read also:

12 March 2026

Jak wdrożyć UKSC / NIS2 - poradnik dla firm

12 March 2026

Jak wdrożyć KSC / NIS2 - poradnik dla firm

03 February 2026

Ocena skutków dla ochrony danych (DPIA) – praktyczny przewodnik + wzór formularza

Przejęcie funkcji IOD

Bezpieczeństwo klienta to dla nas priorytet

Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.
Occupational medicine data processing agreement? | ODO 24 | ODO 24