This will help reduce risks and clarify how the data can be used (and not), especially where the transfer is systematic, provides detailed information or contains data from specific categories. In other cases, the subcontractor`s terms of use may contain or refer to a contract that covers the necessary clauses, especially in the case of online web services that you may use. There is no standardized approach and different terminology is often used. In each of these cases, the recipient responsible for the processing has its own use of the personal data, and it is not a processor, since it separately determines why and how the data is used. The law allows the personal data of data subjects to be exchanged between public bodies, provided that they are done during the performance of a function. Sharing must be done for multiple purposes. These are clearly defined in the law. For example, to identify and correct erroneous information held by a public body. The processor should be able to demonstrate to the controller an approach to information security, expertise, reliability, resources, compliance with the principles and the exercise of its rights in compliance with the requirements of the GDPR. This helps the controller to determine whether sufficient safeguards have been fulfilled.

. . .