Under the GDPR (General Data Protection Regulation), a company is required to enter into certain contractual clauses if it delegates the processing of personal data to another party (i.e. the processor). This applies if either the company (i.e. the controller) or the processor is subject to the GDPR.
Depending on how the law is interpreted, companies alike Open Systems can be considered a processor of its customers in certain limited situations. Even though the existing setup of One PM with Open Systems already contains provisions that guarantee highest level of security, one may find these clauses not sufficient for certain formal requirements of the GDPR.
For that reason, Open Systems and One PM are upgrading their contractual relationship with data protection terms, in view of the new requirements of the GDPR.