Guest user Created: Sep 11, 2018 Last commented: Sep 11, 2018

Transfers of personal data

1. If the controller (pharmaceutical company) is located in the US, and the joint-controller (hospital) is in the EU sending health data (samples) to a lab (processor) in the US, who should exactly ensure safeguards for data transfers? In this case specifically, the Controller signs contract with the joint controller and with the processor, however the joint controller is sending data directly to the processor.

0 0

Assign topic to the user

Select user

Expert

Andrei Hanganu Sep 11, 2018

2. In case the processor is not certified in Privacy Shield, to which contract should the standard contractual clauses be added?

Answers:

1. The safeguards should be ensured by the data exporter, if I understand correctly that the hospital would be in the EU. So the data exporter and data controller would be the EU hospital and the data importer and the processor would be the US located lab.

2. The Standard Contractual Clauses (controller to processor version) should be between the EU hospital (data exporter) and the US Lab (data importer).

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Sep 10, 2018

Expert Advice Community