ODO24 Logo
ODO24 Logo
ODO24 Logo
GDPR questions and answers

GDPR: QUESTIONS AND ANSWERS

Category:
Documentation and Procedures

Is It Appropriate to Conclude a Data Processing Agreement with an Entity Providing Data Migration Services?

ANSWER

If the migration involves personal data, then yes. A data processing agreement must be concluded when the controller commissions an external entity to process personal data on its behalf. The described situation — where a controller commissions an external entity to migrate data, including personal data, from one server to another — will involve the entrustment of personal data for processing. Processing of personal data, in accordance with Article 4(2) GDPR, encompasses not only the collection, modification, and storage of data, but also other operations performed on data, such as viewing, transmitting, and transferring it.

Accordingly, the activity under analysis falls within the concept of personal data processing, which means that a data processing agreement must be concluded with the external entity to which that activity has been commissioned.

Show all
PreviousNext

Read also:

07 June 2026

TikTok a RODO w sektorze publicznym – czego urzędy mogą dowiedzieć się z niemieckich zaleceń dla instytucji

29 May 2026

Kontrola służbowej poczty e-mail pracownika a tajemnica przedsiębiorstwa - kiedy pracodawca może legalnie przejrzeć skrzynkę?

14 May 2026

Czy pracodawca może opublikować zdjęcie pracownika? Wykorzystanie wizerunku pracownika na gruncie RODO i prawa autorskiego

Poradniki i Nawigatory

Poradniki i przewodniki RODO

Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.
Data Migration: When Is a Data Processing Agreement Required? | ODO 24 | ODO 24