8. The data protection impact analysis and the data protection subcontractor provide the company with appropriate support for all data protection impact assessments and prior consultations with supervisory authorities or other data protection authorities; that the company considers reasonably necessary in accordance with section 35 or 36 of the RGPD or equivalent provisions of another data protection law, in any case only with respect to the processing of the company`s personal data by contract processors and taking into account the nature of the processing and information available to processors. (B) The company wishes to provide the data processor with certain services that involve the processing of personal data. This data processing agreement is adapted by the DPA De ProtonMail which is on this page. Organizations can use the following document as part of their compliance with the RGPD. 1.1.4 “Data protection laws” are EU data protection laws and, where appropriate, data protection or data protection legislation from another country; 1.1.8.2 the transfer of personal data from the company by a contract subcontractor to a subcontractor or between two branches of a commercial subcontractor, at least where such transmission would be prohibited by data protection legislation (or by the conditions of data transfer agreements put in place to impose restrictions on data protection); 11.1 The subcontractor may not transfer or authorize the transfer of data to countries outside the EU and/or the European Economic Area (EEA) without the company`s prior written consent. When personal data processed under this agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, the parties ensure that personal data is adequately protected. To do so, contracting parties, unless otherwise agreed, rely on standard contractual clauses approved by the EU for the transfer of personal data. (C) The parties are working to implement a data processing agreement in line with the requirements of the current legal framework for data processing and the 2016/679 European Parliament and Council 27 April 2016 on the protection of individuals in the processing of personal data and the free movement of personal data and repealing Directive 95/46/EC (General Data Protection Regulation). 10.2 The company`s information and audit rights are given only to the extent that the agreement does not give them any further information or review rights to meet the relevant requirements of the Data Protection Act.