Sub-processor Change Communication Plan

Version: 1.0

Owner: CTO

Last Updated on: Jul 10, 2023

Last Updated by: @Bruno Belizario

Approved by: @Raphael Santos

Purpose

The purpose of this communication plan is to outline the steps and procedures for effectively communicating changes in sub-processors to relevant stakeholders, including data subjects and regulatory authorities, using email as the primary communication channel. This plan ensures transparency and compliance with applicable privacy obligations when making changes to sub-processors.

Communication Plan Steps

Step 1: Internal Notification

  • Send an email to the internal stakeholders, including the management team, legal department, and relevant data processing teams, informing them about the intended sub-processor change.

  • Clearly explain the reasons for the change and provide any necessary background information.

Step 2: Impact Assessment

  • Conduct an impact assessment to evaluate the potential impact of the sub-processor change on data subjects' rights and freedoms, data security, and compliance with privacy regulations.

  • Document the assessment findings and any mitigation measures taken to address identified risks.

  • Review the existing contracts, agreements, and legal requirements to ensure that the sub-processor change complies with the necessary contractual obligations and legal frameworks.

  • If any changes are required in the contracts, consult the legal department and communicate the necessary updates to the relevant parties.

Step 4: Data Subject Notification

  • If the sub-processor change has a significant impact on data subjects' rights and freedoms, send an email notification to the affected data subjects.

  • Clearly explain the change, including the name of the new sub-processor and any impact on their data.

  • Provide relevant contact information for inquiries or concerns.

  • If necessary, include instructions for data subjects on any actions they need to take.

Step 5: Regulatory Notifications

  • If required by applicable privacy regulations, notify the relevant regulatory authorities about the sub-processor change by sending an email.

  • Include the necessary details and documentation as specified by the regulations.

Step 6: Communication with Existing Customers/Clients

  • Send an email to your existing customers/clients about the sub-processor change using this template.

  • Clearly explain the reasons for the change, any impact on the services provided, and any necessary steps they need to take, such as updating their consent or contract agreements.

  • Provide relevant contact information for inquiries or concerns.

Step 7: Documentation and Records

  • Maintain detailed documentation and records of the sub-processor change, including the email communications sent to various stakeholders, responses received, and any actions taken to address concerns or inquiries.

  • Save copies of the emails and any relevant attachments for future reference.

  • Compliance and Review

    • Periodically review and update the Sub-processor Change Communication Plan to ensure compliance with applicable privacy regulations and organizational requirements.

    • Conduct internal audits or assessments to assess the effectiveness of the communication plan and identify areas for improvement.