ODO24 Logo
ODO24 Logo
ODO24 Logo
GDPR questions and answers

GDPR: QUESTIONS AND ANSWERS

Category:
DPO Challenges

When sharing customers' personal data with an external service company, should a data processing agreement be signed?

ANSWER

In the described situation, a data processing agreement should be signed with each person with whom the company — as data controller — has a cooperation agreement and who runs a sole proprietorship, covering your customers' personal data (for which you act as controller). Those cooperating with you process customers' personal data on your behalf.

A template processing agreement can be found at: /wiedza/blog/wzor-umowy-powierzenia-przetwarzania-danych-zgodny-z-rodo. Alternatively, the mandatory data processing clauses from Article 28(3) GDPR may be added to your existing cooperation agreement.

Show all
PreviousNext

Read also:

12 March 2026

Jak wdrożyć UKSC / NIS2 - poradnik dla firm

12 March 2026

Jak wdrożyć KSC / NIS2 - poradnik dla firm

03 February 2026

Ocena skutków dla ochrony danych (DPIA) – praktyczny przewodnik + wzór formularza

Szkolenia

RODO od podstaw (8h) online

Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.
DPA when sharing customer data with service contractors? | ODO 24 | ODO 24