Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

Cross border processing

  Quote
Guest
Guest user Created:   Sep 14, 2018 Last commented:   Sep 14, 2018

Cross border processing

Document 04.2 paragraph deals with establishing a lead supervisory authority. If a client from another country uses our server that is located in the Netherlands (in a facility of our supplier) to run the software they have a subscription for from us, that can be deemed a processing activity because the database contains personnel and clients (of clients) data. We do not manipulate data other than updating our software.
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Sep 14, 2018

1. Does this mean we have to establish a lead supervisory authority fort his activity?
2. If the client from another country manipulates his own data on our server does this constitute a cross border activity?

Answers:

1. First of all when describing your activity you seem to be a processor as regards to the data of your client, so is them (your clients) not you that could identify the lead supervisory authority. Identifying the lead supervisory authority is not mandatory under the GDPR.

2. Cross border data transfer means (under the GDPR) when an Exporter located in a EEA country transfers data to a Importer w hich is located outside the EEA. In your case since you are located in the EEA when you receive data there is cross border data transfer.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 14, 2018

Sep 14, 2018