Transitional Services Agreement Data Protection


    As soon as the parties understand the agencies that have access to the data and information, the parties should discuss the access controls and data protection measures currently in place in each agency concerned to control access to personal data and other confidential information, and to determine whether additional controls are needed. While ASDs involve many complexities and case analyses, there are a number of practical ways for parties to anticipate potential data protection and security issues, by being strategic in the development of the TSA, to include conditions and conditions that more fully and accurately cover new relationships between the parties. While the parties are willing to take the potential risk of not having some of these provisions, they must realize that the relationship between the seller and the company sold after the conclusion is similar to an outsourcing relationship from the point of view of data protection and information security. At the end of the transaction, the divested entity is no longer a group company, but is also a third party during the transition period. There are many countries that have data protection legislation that requires permission to share personal data (IPI) with third parties – as soon as financial statements are made, this includes divested companies. Depending on the nature of the data transmitted, there may be other requirements or restrictions on the protection, collection, use and disclosure of data, such as (a) sectoral laws, particularly in the financial services sector, (b) the conditions set out in the parties` data protection policies and (c) contractual obligations to other third parties providing EMIs. Although ASDs generally have confidentiality rules that protect confidential or proprietary information from parties, they are rarely sufficient to meet the detailed requirements required to comply with existing laws on the protection of personal data applicable to the disclosure of personal data and other data to third parties. Compliance with these requirements is therefore a matter of compliance with legislation and other contractual requirements, as well as the protection of personal data of individuals and the reputation of the parties. The parties must ensure that the other party (and its respective subsidiaries and subcontractors) implement the necessary technical access controls and other data protection measures, with access to the parent company`s data and information; how: Once the parties have understood which services have access to data and information, each party must ensure that the other party (and its affiliates and subcontractors) implements with such access the required technical access controls and other data protection measures such as firewalls, data encryption, secure access to VPN, secure file transfer protocol (Secure FTP) and antivirus/antivirus software.