5. Insurance — In addition to all other assurances required by agreements between the negotiating parties, the data protection authority should require the subcontractor (or controller) to maintain an adequate level of assurance. Such assurance should at least cover privacy and cybersecurity liability (including costs arising from data destruction, hacking or intentional breaches, crisis management activities related to data breaches and data protection claims, data breaches and notification fees). Actual coverage amounts vary, based on the total amount of contracts and data processed. The RGPD quickly reorganized the approach to data protection around the world and gave people more autonomy in the use of their data than ever before. Personal data is increasingly circulating between organizations, as most partners outsource aspects of their business functions and create responsible and prudential websites. The appointment of a representative means that all data protection matters are addressed to that representative by individuals or data protection authorities, but the appointment of the representative does not affect the responsibility and responsibility of the person in charge of the processing or subcontractor according to the RGPD. Some large data processors will have contracts that they will use with all their customers that might be adapted for this purpose, but it would be wise to ensure that this contract protects you from your point of view and is not only in the interest of the data processor. This could make you vulnerable in certain situations. Many processors offer hosted or cloud-based services that are not in the EU, but clearly have the effect of capturing the processor through the RGPD. For treatment, managers or processors who are not established in the EU but who are covered by the RGPD must, subject to certain exceptions, appoint a written representative. This representative must be established in a Member State where the persons concerned are processed by the person in charge of the processing or the subcontractor (or in which most of them are located).
Although there are a number of legal systems considered by the EU to be «approved» jurisdictions (such as Argentina, Canada and Israel), there is considerable uncertainty as to the best solution, given that the data protection shield is regularly checked by the European Commission for its strength as a data transfer solution.