Controller and processor obligations
Assign topic to the user
Answer:
The controller should always have a Data Processing Agreement in place with its processors pursuant to art. 28 of the GDPR. Based on the provisions of art. 28.3 (a) the processor needs to act only on the instructions of the controller.
So if the processor refuses to act based on the instructions of the controller it would be a breach of both the GDPR and the Data Processing Agreement.
If you want to find out more about the obligations of processors under the EU GDPR check out this free EU GDPR Foundation Course (https://advisera.com/training/eu-gdpr-foundations-course//).
Comment as guest or Sign in
Apr 15, 2019