Assign topic to the user
Answer:
It is very unlikely that you are only a processor. If you are based in the EU and you have employees this makes you a controller in terms of processing their personal data at least for the purpose of HR management.
Regardless, assuming that you are acting solely as a processor the only folder of the toolkit that will not be suitable for you are “04_Managing_Data_Subject_Rights” and “05_Data_Protection_Impact_Assessment”.
You may also need to tweak a little the “9.1_Data_Breach_Response_and_Notification_Procedure_EN” because as a processor you only are required to notify the data controllers about the data breach and you are not allowed to contact the Supervisory Authority or the data subjects. If your customers acting as controllers don’t have specific requirements as regards to what information to provid e them when a data breach occurs you can use the template for “9.3_Data_Breach_Notification_Form_to_the_Supervisory_Authority_EN” to inform the controller about the breach (just remove the “TO THE SUPERVISORY AUTHORITY “ from the title).
Comment as guest or Sign in
Feb 23, 2018