You're a processor when a customer trusts you to handle their data. But often, you won't do all the work yourself. Sometimes, you use third-party services, like cloud storage.
These third parties that help you with your job are called sub-processors. 👉 In other words, sub-processors are the companies you use to handle your customer's data.
To follow the law under GDPR, companies need to handle personal data correctly.
A list of sub-processors in your DPA helps everyone stay informed and legal. This list lets your customer know who else is using their data. It also ensures these other companies are also following the law.
Your sub-processor list should detail every third-party service you use to handle your customer's data. This includes:
Here's an example:
|Amazon Web Services||410 Terry Avenue North Seattle, WA 98109, USA||DPA link||Hosting and Storage||https://aws.amazon.com/contact-us/compliance-support/|
|Intercom||55 2nd Street, 4th Floor, San Francisco, CA 94105, USA||DPA link||Database Infrastructurefirstname.lastname@example.org|
This list covers:
💡 In your DPA, you should include a URL that references your sub-processor list. You can also add the whole list to your Appendix.
Remember, your sub-processor list needs to stay updated. Review it regularly and update it whenever you start using a new sub-processor, or stop using one.
Eager to have your DPA template right away? Talk with our DPA expert now and request a DPA by answering our simple questionnaire.