How do you, by means of contracts, safeguard the use of your external service providers from a data protection perspective without risking the payment of a fine? Does this actually constitute a case of commissioned data processing, or does this rather constitute a data transfer, which you should nonetheless provide for by means of a contract?
We are happy to advise you on these various options as well as on the option in which you jointly collaborate with another controller as what is called a “joint controller”.
Which provisions have to be included in a commissioned data processing agreement? Are you, as the processor, subject to any obligations that exceed the requirements prescribed by law? We will be happy to optimize the contractual framework between you and your service providers.