What if I want to make use of an external party for my classes, research, or business?
If Tilburg University, as the legal controller, engages a company for the processing of personal data, a processing agreement is requierd. This is a legal obligation under the GDPR.
In a number of cases, this other organization is not a processor within the meaning of the GDPR and does not need to enter into a processing agreement, but it is sufficient to include certain agreements (e.g., on responsibility and security) in the main agreement. However, in many cases, a processing agreement is mandatory. The Data Representative can help determinewether this is the case.
If Tilburg University processes personal data for itself within the organization, no processing agreement is required.