Before you even think about data transmission, you need to make sure that all the data you have (and want to share) has been processed and stored in accordance with the GDPR. You must comply with data processing requirements when managing or transmitting personal data. And remember that the GDPR only applies to personal data that, in the legislation, refers to „all information relating to an identified or identifiable natural person“, that is. A data subject, are defined. You need to understand the definitions of controllers and processors in accordance with the GDPR. This distinction is important for data exchange situations. Consent is not valid if you ask the data subjects to agree to receive direct marketing from „hand-picked partners“ or any other similar generic description. Consent is not valid, even if a long list of general categories of organisations is made available to the individuals concerned. Article 26 also provides that the core of the agreement must be made available to data subjects (probably in data protection notices) and that a contact point may be designated for data subjects. Regardless of the nature of the agreement and the division of responsibilities between the joint controllers, a data subject may exercise his or her rights vis-à-vis each of the joint controllers. 11.1 The processor may not transfer or authorise the transfer of data to countries outside the EU and/or the European Economic Area (EEA) without the prior written consent of the company. Where personal data processed under this Agreement are transmitted by a country of the European Economic Area to a country outside the European Economic Area, the Parties shall ensure that the personal data are duly protected.
To do this, the parties rely, unless otherwise agreed, on standard contractual clauses for the transfer of personal data approved by the EU. The reasons for the processing cannot be adjusted or modified retroactively, that is: You cannot justify otherwise the processing or transfer of data. Privacy policies should be consistent and trustworthy, regardless of your being. Data sharing between the controller and the processor is most common when a controller uses a service that involves the processing or storage of personal data.. . . .