The organization must maintain a list of partners who have access to confidential information. System vendors and processors of personal data are listed separately from other stakeholders because they play an active role in the processing of data.
The processors of personal data (e.g. providers of data systems, other partners using our employee or customer data) and the agreements related to the processing of personal data have been documented. The documentation includes e.g.:
Data protection commitments are collected from partners who process personal data, through which they assure the correct processing of personal data. These commitments may be part of an agreement on the processing of personal data.
The organization itself has also defined operating methods for monitoring these commitments with regard to partners and for taking the necessary measures.