When data is stored abroad, it is important to describe the steps the data processor must take to ensure a level of security equivalent to that grown in the EU. For example, with respect to data held in the United States, it will be a good idea to follow the Privacy Shield Framework (but this may change due to the recent controversies surrounding it). Given the number of details to be dealt with, it is worth putting that part in a separate clause or even an appendix to the contract. Obligation to terminate personal data processing services 1. The data importer may not sign any of its processing operations carried out on behalf of the data exporter in accordance with the clauses without the prior written consent of the data exporter. If the data importer signs its obligations under the clauses with the agreement of the data exporter, it does so only through a written agreement with the subcontract, which imposes on the subcontractor the same obligations as those imposed on the data importer under the clauses. If the subcontractor does not comply with its data protection obligations under such a written agreement, the data importer is fully liable to the data exporter for the performance of the subprocessing obligations arising from this agreement. Then it`s time to set the tasks of the data editors. “outsourcing,” any subcontractor that is enabled by the data importer or any other subcontract of the data importer and agrees to receive personal data from the data importer or another subcontract of the data importer only for the processing of activities to be carried out on behalf of the data exporter after the transfer, the terms of the clauses and the terms of the written sub-mandate; “organizational technical and security measures,” measures to protect personal data from accidental or accidental destruction, tampering, unauthorized disclosure or unauthorized access, particularly where processing involves the transfer of data through a network, and from any other form of illicit processing.