Data protection agreement Maintenance and servicing of IT systems
Data protection agreements for the maintenance and servicing of IT systems are mandatory under the GDPR as soon as external service providers are given access to personal data. Companies must ensure that data processing agreements are concluded in accordance with Art. 28 GDPR and that technical and organizational measures (TOM) are defined in detail. Missing or unclear agreements can lead to high fines and liability risks. The article explains the legal basis, shows typical maintenance scenarios, provides practical tips on drafting contracts and offers a checklist for GDPR-compliant implementation.