Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

Controller and processor obligations

  Quote
Guest
Guest user Created:   Apr 15, 2019 Last commented:   Apr 15, 2019

Controller and processor obligations

In a case in which the controller received from a data subject a request for erasure and then the controller forward this request to the processor, what the processor should do? In case the processor will refuse to delete the personal, what are the consequences? Many thanks in advance.
0 0

Assign topic to the user

EU GDPR DATA PROTECTION OFFICER ONLINE COURSE

Become a certified Data Protection Officer according to GDPR.

EU GDPR DATA PROTECTION OFFICER ONLINE COURSE

Become a certified Data Protection Officer according to GDPR.

Expert
Andrei Hanganu Apr 15, 2019

Answer:

The controller should always have a Data Processing Agreement in place with its processors pursuant to art. 28 of the GDPR. Based on the provisions of art. 28.3 (a) the processor needs to act only on the instructions of the controller.
So if the processor refuses to act based on the instructions of the controller it would be a breach of both the GDPR and the Data Processing Agreement.

If you want to find out more about the obligations of processors under the EU GDPR check out this free EU GDPR Foundation Course (https://advisera.com/training/eu-gdpr-foundations-course//).

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 15, 2019

Apr 15, 2019

Suggested Topics

Guest user Created:   Apr 13, 2021 EU GDPR
Replies: 1
0 0

Scope as a data controller

Guest user Created:   Feb 04, 2021 EU GDPR
Replies: 1
0 0

Data obtained from partners