11.1 Mediahawk keeps written records of all categories of processing activities carried out on behalf of the customer, in accordance with the data protection laws that apply to Mediahawk. (a) the processing, including the transfer itself, of the personal data has been carried out and continues to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where appropriate, notified to the competent authorities of the Member State in which the data exporter is established) and does not infringe the relevant provisions of that State; The term “treatment” appears in this article with disgusting frequency. In the definitions of the GDPR, processing essentially refers to everything you can do with a person`s personal data: collect, store, monetize, destroy, etc. What should my company do to ensure compliance? First, identify any relationship your company has with suppliers, customers, subcontractors, contractors, agents, resellers, distributors, etc., in which you transmit personal data to them or disclose it. Second, for each of these relationships, identify whether you are the data controller or the data controller. It`s likely that you want to accept a slightly different data clause depending on the answer – as a data controller, you`ll inevitably want to put as much of the burden on the data processor as possible, but as a data processor, you want the data controller to be fully responsible for compliance with the law. Finally, identify if there is a written contract between the two parties. If there is an existing contract, you must agree to a change to that treaty (which, in principle, should not be a problem, as the other party should also be interested in amending that treaty to comply with the GDPR). .