The data exporter agrees and guarantees: a) that the processing, including the transfer itself, of personal data has been carried out in accordance with the relevant provisions of the applicable data protection law and is notified (and, if applicable, notified to the competent authorities of the Member State where the data exporter is based and does not violate the relevant provisions of that state; (b) the persons it mandates and, for the duration of personal data processing services, the processing of personal data transmitted only on behalf of the data exporter and in accordance with existing data protection legislation and clauses;c) that the importer of data guarantees sufficient for the technical and organisational security measures covered by Appendix B of this Treaty;d) than after reviewing the requirements of applicable legislation to protect data, security measures are appropriate; Protect personal data from accidental or accidental destruction or accidental loss, tampering, unauthorized disclosure or unauthorized access, especially where processing involves the transfer of data through a network, and from any other form of illicit processing; and that these measures ensure a level of security that is appropriate to the risks associated with the processing and the nature of the data to be protected, given the state of the art and the cost of implementing it; (e) that they ensure compliance with security measures; (f) that, where transmission has specific categories, the person concerned has been informed, before or as soon as possible, of the transmission of his data to a third country which does not offer adequate protection within the meaning of Directive 95/46/EC; (g) pass on any notification from the data importer; i.e. a sub-processor referred to in points 5 (b) and 8.3, the data protection regulator, when the exporter decides to continue the transfer or lift the suspension;h) to make available to the persons concerned, upon request, a copy of the clauses, with the exception of Schedule B and a summary description of the security measures; as well as a copy of a contract for subcontracting services to be concluded in accordance with the clauses, unless the clauses or contract contain commercial information, in which case it may withdraw this commercial information;i) that, in the case of a subcontractor covered in point 11, the processing activity is carried out by a subcontractor offering at least the same level of protection for personal data and the rights of the persons concerned in accordance with the clauses; and (j) to ensure compliance with Clause 4 (a) of point 4 (i). Improving the dsgvo group data agreement that can talk about the law, about who we thought, I was wondering if you could refer me to some advice on sharing personal data between a charity and a Community Interest Company (where the only shareholder is the same charity). A small and relatively static group of companies could implement an IGA in the usual way, without any specific provision for membership. However, groups will change over time and most groups will want to put in place a mechanism for new businesses that join the group to become parties to the IGA. One way to achieve this is to create a form of membership agreement that a company that meets the qualifying criteria (. B for example, a subsidiary of an existing party) may sign up to become a contracting party. The lead party or, in some cases, all other parties could also sign any membership agreement.