The subcontractor must have adequate information security, must not resort to subcontracting without knowing and the consent of the person in charge of the processing, must cooperate with the authorities in case of request, report to the person in charge of the data protection, as soon as he is aware of them, give the person in charge of the processing the opportunity to carry out audits verifying compliance with the DSGVO , to help the person in charge of the treatment, to respect the rights of the people concerned. , should assist the processing manager in dealing with the consequences of data breaches, delete or return all personal data at the end of the contract, at the choice of the processing manager, and inform the processing manager if the processing instructions violate the RGPD. Article 35 specifies data protection impact analyses, including when and how they should be carried out. It also mentions how processors and data processors should take into account compliance with contractual agreements (for example. B data processing agreements) when conducting data protection impact analyses.