- The parties are well aware of the difference between licensing sui generis rights and buying/selling databases as such.
- The type of data at stake is clearly defined and the controller has ensured whether the GDRP is applicable or not.
- An agreement between the controller and the third party has been signed and it clarifies the roles to be played by each party.
- Adequate safeguards to protect data subjects’ rights have been settled and all parties are aware of their obligations.
|