One requirement of GDPR, under Article 28, requires that controllers (such as yourselves) may only appoint processors who can provide “sufficient guarantees” to meet the requirement of the Regulation.
Contracting parties must be bound by an agreement which ensures that any personal data processed on behalf of another party as part of providing services is handed in accordance with GDPR, and recognises the obligations therein.
In order to comply with these obligations, and to enable you to comply with your own obligations under Article 28, we have produced the Data Processing Addendum which will be annexed to our MSA and forms part of your Contract with Simwood.
If you have any questions, please don’t hesitate to contact team@simwood.com