Obligations as GDPR Data Processors
VTSHosting Ltd falls under the classification of a Data Processor as we process and store the data of clients (Data Controllers) as part of our hosting service.
Choice of who we use as sub processors
We can only appoint sub processors e.g. for our server management or to outsource data backups that have demonstrated full GDPR compliance
Restrictions on Sub-Contracting
Under the terms of the GDPR, we cannot subcontract out any part of our service without the written consent of the Data Controllers who are using our service.
The contractual obligations supplied by any sub contracted processors must reflect the same contractual obligations between ourselves as processors and the controllers.
Data Processing Agreement
We can only process personal data on behalf of the controller where a contract is in place between us that outlines the service provided and the terms on us as your Data Processor . We have to ensure that we are only acting on the documented instructions of the controller.
Under the terms of the GDPR, we are required to implement appropriate security measures
We must inform controllers of any data breach without any undue delay after becoming aware
Keep records of our processing activities
We must maintain records on several things such as processing purposes, data sharing and retention.