data protection by design is it required by the processor ?
Thanks and Regards,
Wasima Rajab
Assign topic to the user
Yes, according to Article 28 GDPR – Processor, para 1, “the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this Regulation”. These requirements also include Data Protection by Design and by Default, as described in Article 25 GDPR - Data protection by design and by default. Also, any Data Processor is also a Data Controller for its own personal data processing operations, such as payroll, recruitment, reporting, etc. So data protection by design and by default should be embedded in the overall GDPR compliance efforts.
Please also consult these resources:
- Article 25 GDPR - Data protection by design and by default: https://advisera.com/gdpr/data-protection-by-design-and-by-default/
- Article 28 GDPR – Processor: https://advisera.com/gdpr/processor/
- EU GDPR controller vs. processor – What are the differences? https://advisera.com/articles/eu-gdpr-controller-vs-processor-what-are-the-differences/
- Key roles defined in EU GDPR: https://advisera.com/articles/key-roles-defined-in-eu-gdpr/
Comment as guest or Sign in
Jan 18, 2023