Agreeing on how to process data
When processed and applied correctly, data offers the potential for innovative solutions. Consumers and businesses can benefit from sharing data and take advantage of the opportunities and (business) value data processing can offer. It will help to minimise waiting times and optimise cost saving in airport operations. This agreement offers a transparent framework to all those involved and prevents time-consuming legal disputes.
Why a data processing agreement?
At Schiphol we value a clear and transparent policy that details how we handle personal information. The General Data Protection Regulation (GDPR) requires a written agreement before any personal data can be shared between parties.
What is a data processing agreement?
The data processing agreement is a legal agreement that sets the terms for how personal data will be processed.
- subject matter and duration of the processing;
- nature and purpose of the processing;
- type of personal data to be processed;
- categories of data subjects;
- rights and obligations of the controller.
More about sharing data
Explore our policy about processing your data.
Create or increase your own business value with airport data
Most important subjects in the data processing agreement
- The purpose of the processing
The processor agreement makes clear what purpose the processing of the personal data has.
- Method of processing
The responsible party (not the processing party) must clearly state how the processing must take place. This prevents an external party from processing personal data in a way that has not been agreed upon by the parties involved.
The processor must keep confidential any sensitive data that it receives. The processor agreement therefore usually contains a confidentiality statement. The processing party hereby declares that it does not disclose personal information, or provide it, to others.
- Agreements concerning possible subcontractors
If an external processor outsources some of the activities to another party, clear agreements must be made.
- Security measures
All parties agree and detail which security measures are taken. This ensures that data will not be exchanged with parties outside of the agreement.
- Duration of processing
The processor agreement must provide clarity about the duration of the processing. In other words: when does the processing end and when should personal data be deleted?
Frequently asked questions about the data processing agreement
A signed data processing agreement ensures:
- GDPR-compliancy to Schiphol and all parties involved.
- A clear understanding of how Schiphol handles your data.
- A uniform approach to data-handling.
- When you own and share personal information with a processor.
- When you process data given to you by an owner of personal data.
The data processing agreement (DPA) contains basic conditions on the processing of personal data. These fundamental principles will be equally available to all airport users under the same conditions. A non-negotiable data processing agreement is the only way to make this possible.
- The DPA has been created based on GDPR guidelines.
- It creates a level playing field for all airlines.
- Appendices relate to a specific circumstance or situation and can be added
- All airlines will be asked to sign the data processing agreement
- As soon as data is shared, airlines will sign the agreement to meet GDPR guidelines
The data processing agreement is one of the two documents that need to be signed before sharing data. The other is the data protocol, which further outlines the conditions of working together on data projects at Amsterdam Airport Schiphol.
Read more about the data protocol
Download the data protocol