—requiring a shared contract that defines how the processor will handle data provided by the controller.

This contract must include language that limit how, when, and why data can be processed, including:

Data processors may only process personal data according to the instructions provided by the data controller.

Confidentiality agreements for data processor staff in regards to the data being processed.

All personal data must be deleted or returned to the data controller at the end of the data processor’s service term.

The data processor will help to ensure GDPR compliance.

In 2017, the Information Commissioner’s Office (ICO) published 

 for contracts between data controllers and data processors, stating they should include:

The data controllers rights and obligations

The contract between data controllers and processors is binding and must protect a data subject's rights.

Article 28

Article 30

Article 32

Article 6 

Article 9

Authorized Agents

California Consumer Privacy Act

California Privacy Protection Agency

California Privacy Rights Act

Colorado Privacy Act

Consent 

Dark Patterns

Data Controller

Data Mapping

Data Processor

Data Subject

Data Subject Access Request

Do Not Track

Do not sell/Do not share 

Facebook Limited Data Use

GDPR Personal Data

GDPR Principles

GDPR Rights

General Data Protection Regulation

Global Privacy Control

Gramm-Leach-Bliley Act

HIPAA

LGDP (Brazil's Privacy Law)

Personally Identifiable Information

Preference Management

Pseudonymization

Record of Processing Activities

Schrems II

Tracking Cookies

Utah Consumer Privacy Act 

Verifiable Consumer Request 

Virginia Consumer Data Protection Act

Data Rights Unwrapped 2024: Transcend Customers Powering the Next Era of Privacy Innovation

Transcend offers data governance solutions that help companies achieve privacy compliance through powerful data mapping and data discovery, automated data subject requests, and simple cookie consent, all with industry leading security.