The exchange of data within a group is favoured by recital 48 of the RGPD as a “legitimate interest”. The head of management, who is part of a group of companies, may therefore transmit personal data within the group of companies, provided that the companies receiving this group also belong to this group, that the companies receiving this group are based in the EU/EEA, that these are internal administrative activities and that in the case of joint treatment, an agreement has been reached in Article 26, paragraph 1, p. 2 of the RGPD. In the case of joint treatment, this can be included in the intercompany contract. The legal basis is Article 6, paragraph 1, point (f) of the RGPD. In the area of data protection, this intercompany agreement is used with pleasure to legally represent complex data flows. The complexity is already that when a company processes data for a sister company as part of an order processing – this should already be told to you, we regularly report here on the blog on ADV contracts, for example on delimitation, content (with the BayLDA model). This data processing agreement is adapted from the ProtonMail DPA, which can be found on this page. Organizations may use the following document as part of their GDPR compliance. Many groups use intercompany agreements to clearly and comprehensively identify complex structures within the group and among subsidiaries. But what is an intercompany agreement and how can it be used wisely for data protection? (C) The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
In the end, when drafting such treaties, the principle of contractual freedom applies – it means that the form is for the moment free for everyone. The concept of an intercompany agreement is also not mandatory in this regard – a framework agreement on data protection is also possible. Summary: If you work with foreign companies, they should enter into this confidentiality agreement so that confidential information is not disclosed to third parties. Please adapt the pattern to your circumstances. […] 18.104.22.168 anward transfer of Company Personal Data from a Contracted Processor to a Subcontracted Processor, or between two establishments of a Contracted Processor, in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Laws Protection); But it remains to be kept in mind – use the Intercompany Agreement to get a large number of ADV contracts according to art.