Data Processing Relationships

We’re creating our Data Processing Relationship Programme to help you manage data processing relationships with empathy. It’s a planned series of online structured activities to help you reap the rewards of an empathetic approach to processor relationships, with the following main features:

• weekly interactive webinars – attend a one hour live webinar each week, ask your questions and have them answered in real-time
• four core modules – read the course notes from the webinar in the private members area of our website
• specially designed templates – download template data processing agreements, sub-processing agreements and checklists to review agreements that others send you
• template support – get guidance on how to customise the templates for your unique purposes
• watch video recordings – watch video recordings of each webinar any time after they’ve happened
• come back any time – evergreen access to the programme so that you can come back at any time when we’ve updated the content or the templates

We’re creating this programme because all organisations process personal data, but they don’t do so on their own. Unlawful processing by your neighbours affects you, if you are involved in the same processing ecosystem. Most organisations haven’t realised that, when it comes to data processing and their relationships with other organisations – no organisation is an island.

You should join this programme if you’re any of the following:

• in-house legal adviser – a lawyer employed by your organisation whose job is to give advice related to data processing relationships, including drafting and negotiating data processing agreements
• compliance officers – a person appointed by your organisation to help them comply with relevant data protection laws and empowered with the authority to do so when it comes to data processing relationships
• anyone else responsible for managing data processing relationships in your organisation – such as a sales person, account manager or anyone similar

You’ll achieve the following results as a consequence of participating in our Data Processing Relationship Programme:

• improve processing relationships – have better relationships with other organisations that you share data processing with
• strive towards compliance – take significant steps towards complying with relevant data protection laws, when it comes to your data processing relationships
• avoid fines and penalties – stand a better chance of escaping fines and other penalties for failing to comply with relevant data protection laws, when it comes to your data processing relationships

• We believe in using the law as a tool to prevent harm from coming to people.
• We have significant practical experience dealing with data protection law.
• We cover only those areas of data protection law that are most relevant to you, saving you time and money.
• We provide insight and simplify the issues, empowering you to work through the obligations yourself.

We’ve structured the programme into a planned series of four core modules to achieve the desired results. Each module is a unit of education covering a single topic. Here’s a general description of the main aspects of each module and the relevant document templates that we make available with each one.

Attitudes towards responsibility | Module one

The first module is all about how to be aware of data processing relationships and aims to help you achieve the following outcomes:

• determine whether you’re processing personal data as part of the same or separate activities
• work out which organisation is the controller, processor or sub-processor
• clarify where your responsibilities begin and end
• communicate your position to others with a Data Protection Responsibility Letter template

Thinking like the mastermind | Module two

The second module covers how to understand your controllers. The controller in a data processing relationship is the person or organisation that determines the purpose (‘why’) and means (‘how’) of processing the personal data alone or in conjunction with others, although it is more important that they determine why to process the personal data than how. There can be more than one data controller for the same activity, in which case they would be joint data controllers. This module sets out to help you:

• consider motivations for processors or sub-processors to map activities
• interrogate the controller’s right to audit the processor or sub-processor enter into a written agreement with your processor with a Data Processing Agreement template

Minions have feelings too | Module three

The third module deals with how to be sensitive towards your processors. The processor is the person or organisation who processes the personal data on behalf of the data controller in terms of a written contract or mandate without coming under their direct authority. Your processors may include suppliers vendors, or contractors –- but they don’t include employees, because they are under the direct authority of the data controller. This module plans to help you:

• learn whether the processor should disclose their sub-processors or how they should
• decide on appropriate technical and organisational security measures for the personal data
• review written agreements with your controller or sub-processors with a DPA Requirements Table template

The delegated experience | Module four

The final module looks at how to share in the experiences of your sub-processors. The sub-processor is the person or organisation that the processor may engage as a subsequent processor to process the personal data. The sub-processor may sometimes engage additional downstream processors as subsequent sub-processors. This module tries to help you:

• decide on what’s important when it comes to data protection law
• work out which organisation is responsible for which ‘big obligations’
• enter into a written agreement with your processor with a Data Sub-processing Agreement template

This programme will officially begin on Tuesday, 5 March 2019. You can watch the webinar recordings at a later date, which means you can work through at your own pace and can go as fast or slow as you like. Most organisations take four weeks to work through the whole programme. An unlimited number of named users in your organisation will get access to the programme. Webinars will take place every Tuesday at 10:00am.

How long will my organisation have access for once we’ve paid?

You will always have access. And the content will be updated as the law and best practice is continuously developing.

What does the programme NOT cover?

You can also read what is excluded and what the programme is NOT.

How many people in my organisation can have access?

The access is per organisation. So you can have an unlimited number of participants from your organisation. We do however recommend that you don’t have too many so that you are sure who has accountability for driving your compliance.

What if we still need help on specific questions we have?

You’re welcome to contact Michalsons at any time. We will try to answer where we can, and if there is significant research or work required we will provide you with quotations to do the work.

We charge a once off upfront price for lifetime access to the programme. Click join to complete the programme registration form. You choose the currency and we will send you an invoice for payment. The prices listed include VAT.

EUR       710
USD      800
ZAR   12 000

100% Money Back Guarantee

We will refund you if you do not think you received value.