The organization must maintain a list of partners who have access to confidential information. System vendors and processors of personal data are listed separately from other stakeholders because they play an active role in the processing of data.
The organization should have pre-planned procedures for situations where third parties need to be notified of changes, deletions and prohibitions regarding shared personal data.
These parties can be, for example, partners who process data or organizations to which personal data has been disclosed forward.</p>
The data in a data store are, in principle, only available to that controller and under the same responsibility. If you pass data on to another organization for other use, you must clearly inform about it and state e.g. the recipient of the transfer and the legal basis.