We have inventoried all the systems used and identified the ones where personal data is stored or processed.
The result is a treatment register, which is an explicit requirement in the GDPR and something that everyone must have.
Based on the processing register, we have then made flow charts that describe how personal data travels through the organization, who does what and in what order things happen and which processes and routines ensure that we meet GDPR's requirements for storage and handling of personal data.
In parallel with our GDPR work, we also make a vulnerability analysis and impact assessment of what can happen if our routines should fail. In addition to the internal work, we have since verified that we have a personal data assistant agreement with our subcontractors
What agreements do I need with Midpoint?
In addition to your service agreement, our General Terms and Conditions apply.
The general terms and conditions deal in part with Midpoint's handling of personal data and the cases where Midpoint is to be considered a personal data assistant or sub-assistant to you as a customer.
With our general terms and conditions, no separate personal data assistant agreement or sub-assistant agreement is needed. If you still want or require a separate assistant agreement, we have prepared standard agreements that can be used.Contact us (firstname.lastname@example.org) and we will help you with it.