Dear Sir/Madam
I need your advice regarding the below
1. As a data processor , is it required to create a privacy policy
2. what is data processor obligation regarding data subject right
Assign topic to the user
"Dear Sir/MadamI need your advice regarding the belowAs a data processor , is it required to create a privacy policy
From your question, I understand that you are asking me if the processor has to inform data subjects about data processing through the privacy notice under Article 13 GDPR.
The purpose of a Privacy notice is to provide to data subject all the information about data processing. In fact, Article 13 GDPR requires that the controller inform the data subjects about what kind of data is processed, the purposes of the processing, if there are any data transfer, and all the information that needs to be provided by the controller to the data subjects. Privacy notice is mandatory.
The privacy policy, instead, is an internal document from the management that shows how the organization processes personal data and sets rules on processing, access data, data retention period, and so on. The privacy policy is considered one of the organizational measures to be taken by both processors and controllers. It is mandatory under Article 24 (2) GDPR when proportionate in relation to processing activities.
What is data processor obligation regarding data subject right"
As a processor, you need to establish processes that allow the controller to fulfill its obligation towards data subjects. This means that if the controller receives a request to exercise the right of erasure (right to be forgotten) and request you to erase the data of the data subject, you need to comply with such request.
Here you can find more information:
- EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
- Data subject rights according to GDPR https://advisera.com/eugdpracademy/knowledgebase/8-data-subject-rights-according-to-gdpr//
- Four main questions for obtaining and managing data subjects’ consent under GDPR: https://advisera.com/eugdpracademy/knowledgebase/four-main-questions-for-obtaining-and-managing-data-subjects-consent-under-gdpr/
- EU GDPR Data Subject Access Request Flowchart https://info.advisera.com/eugdpracademy/free-download/eu-gdpr-data-subject-access-request-flowchart
You can also consider enrolling in this free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Comment as guest or Sign in
Nov 06, 2020