For me as a person, being able to exercise control over my own data is equivalent to being able to exercise control over my own life. Information about me with third parties threatens my freedom. The European legislator has recognised this and, from 2016, has given me more rights in the European General Data Protection Regulation (GDPR) and related legislation to take measures and remove threats from third parties.
Control and business activities
For a company, being able to exercise control over company and personal data equals the undisturbed conduct of business activities. The result is that a company makes agreements, recorded in a (direction) agreement, with people about the use of their personal data. In the interests of the company and the fulfillment of the obligations arising from the agreements with persons, the company will make agreements with its partners about the processing of company and personal data. The agreements, laid down in a processor agreement, concern, among other things, the purpose of and the basis for the processing of data, and compliance with the duty of accountability. If there is no basis for processing personal data, a company may simply not process the personal data.
Make good agreements
Companies do not just share their data with people or other companies. Companies protect their strategic data and trade secrets by making agreements. Companies conclude confidentiality or management agreements with individuals and other companies. In these agreements, the scope and scope of processing data are agreed, and the processing parties often have to demonstrate that they meet the contractual obligations. The processors are accountable for demonstrably complying with the rights of individuals (data protection) and for complying with the rights of the company (information security).
In order to conclude a processor and management agreement, it is at least necessary that:
- There is certainty about the authenticity of the identity of the parties. It must be clear to the parties how entities (holding companies and operating companies) are structured and which organisational units are involved in the agreements. It must then be clear who the authorised representatives are and what powers these persons can exercise for the benefit of the company;
- The agreements made are adequately documented, signed by the parties, certified and deposited; and
- Parties demonstrably fulfill their contractual obligations.
MYOBI Trust Network
Only with the aid of the above-mentioned instruments can a person effectively control his data and a company over company and personal data. MYOBI, in the role of TTP, offers individuals and companies the MYOBI Trust network with which they can exercise control over data in relation to others. We call the personalised network that a person or company builds up with the help of management an information ecosystem, see figure 1.
Do you have questions? Please do not hesitate to contact us via +31 (70) 392 22 09 or firstname.lastname@example.org.