NJORD Lithuania: Lithuanian Regulator approved Standard contractual clauses for Data Processing Agreements
The Lithuanian Data Protection Authority has approved the standard contractual clauses for Data Processing Agreements under article 28 (8) of the EU General Data Protection Regulation (after this – the GDPR). These standard contractual clauses are to be used between data controllers and data processors (i.e., when a data controller engages a data processor to process personal data) or between data processors and sub-processors (i.e., when a data processor engages another sub-processor).
The standard contractual clauses are intended to assist controllers and processors in assessing and abiding by the requirements set forth by the GDPR, emphasising the enforcement of data subjects' rights, the reduction of personal data protection risks, the relationship between the controller and the processor, and the importance of clarity of rights and obligations. The Lithuanian Data Protection Authority does not oblige but rather recommends data controllers and data processors to apply the standard contractual clauses. This means that any agreements that have been signed without using the standard contractual clauses would still be considered valid if they comply with the GDPR.
The approved standard contractual clauses can be used by using and filling out the template approved by the Lithuanian Data Protection Authority or by incorporating the standard contractual clauses into more extensive agreements and ensuring that other provisions of these agreements do not conflict with the approved standard contractual clauses and / or GDPR.
Nevertheless, it is important to note that if the data controller and/or data processor decides to use the standard contractual clauses, their content may not be altered. On the other hand, it would still be possible to impose additional safeguards and other provisions on top of the standard contractual clauses.