The organization must make sure that contractual obligations set by clients are passed to the used subcontractors and other partners (sub processors).
The compliance of of partner organizations with the set obligations must be reviewed regularly. Each partner must have named contact person and the necessary contact information must be up-to-date.
The processors of personal data (e.g. providers of data systems, other partners using our employee or customer data) and the agreements related to the processing of personal data have been documented. The documentation includes e.g.: