Arti­cle 35, para­graph 7, pro­vides that a data pro­tec­tion impact analy­sis defines the pur­pose of the treat­ment and a sys­tem­at­ic descrip­tion of the pro­posed treat­ment. A sys­tem­at­ic descrip­tion of a com­plete DPIA may include fac­tors such as the nature of the data processed, the length of data stays, where the data is locat­ed and trans­mit­ted, and third par­ties who may have access to the data. In addi­tion, the DPIA should include: To pre­pare for the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR), please con­sult the resources avail­able www​.microsoft​.com/​g​dpr. For this top­ic, see FAQ . 3.3 The data of the pro­cess­ing man­ag­er is processed and stored in accor­dance with the EU‘s gen­er­al data pro­tec­tion reg­u­la­tion and in accor­dance with the pro­vi­sions of this agree­ment. 8.2 The data proces­sor may not dis­close data to third par­ties with­out the writ­ten con­sent of the proces­sor, unless such dis­clo­sure is the result of or stip­u­lat­ed by leg­is­la­tion or a bind­ing request from a judi­cial or data pro­tec­tion author­i­ty. 12.1 The data proces­sor must treat per­son­al data con­fi­den­tial­ly and there­fore has the right to use per­son­al data only as part of the per­for­mance of its rights and oblig­a­tions under this Agree­ment. 8.1 The pro­cess­ing man­ag­er guar­an­tees the legal author­i­ty to process per­son­al data with­in the scope of this Agree­ment. 1.2.2 Inven­to­ry data (may be deac­ti­vat­ed): Basic hard­ware data, oper­at­ing sys­tem, user and com­put­er domain and orga­ni­za­tion­al unit, installed soft­ware, local admin­is­tra­tors‘ accounts, com­put­er and user groups and cur­rent IP address I am look­ing for a data proces­sor agree­ment, since we use Office 365 and are locat­ed in Sweden.

May 25: E the new RGPD comes into effect and, until then, we need an absence signed with Microsoft. 15.1 Respon­si­bil­i­ty for data pro­tec­tion vio­la­tions or this Agree­ment is dealt with in accor­dance with applic­a­ble data pro­tec­tion pro­vi­sions if con­trac­tu­al agree­ments for the under­ly­ing ser­vices do not con­tain spe­cif­ic lia­bil­i­ty pro­vi­sions. 14.2 The cat­e­gories of peo­ple involved in per­son­al data are pri­mar­i­ly users and staff of the pro­cess­ing manager.