Document the data leaving or being shared outside the organisation.
<aside>
💡 Purpose
List the applicable safeguards and legal basis for the processing.
Delimit and describe the scope in detail:
- the personal data processed, their recipients, and retention periods
- the processes and medias for the entire data lifecycle (from collection to deletion)
Evaluation (independently of the area)
- Good Individuals' rights are respected by design.
- Limited Individuals' rights are not respected, but tools exist to enforce them afterwards.
- Poor Risks for individuals are high, and the company processing the data provides no guarantees regarding the respect of individuals' rights.
Refer to the data governance handbook
</aside>
What is a GDPR data processing agreement? - GDPR.eu
🚛 Data sharing