Guest
Data Processors and DIPA
Is Data Protection Impact Assessment a mandatory for Data Processors?
Assign topic to the user
Expert
Andrei Hanganu
Dec 18, 2017
Answer:
The EU GDPR states that DPIAs should be performed by data controllers. This is because the controller are the ones taking the decisions as regards to the purposes and means of the processing. However processors might also be called up to provide support to controllers when they are performing DPIAs if a part of the processing activity which is subject of the DPIA is outsourced to the processor. The processor must assist the controller should the controller need to carry out a privacy impact assessment. Art. 28(3)(f)
Comment as guest or Sign in
Dec 18, 2017
Dec 18, 2017
Dec 18, 2017