Guest
Data subject access requests
As a processor we have been requested by one of our clients (controller) to share some basic information (comprising transaction reference and email address) with their website provider. Am I correct in thinking this should be covered in the client's own privacy policy, and that any data access request relating to this shared information would be made via the client (controller)?
Assign topic to the user
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Expert
Andrei Hanganu
May 25, 2018
Answer:
Yes you are right, data subject access requests are to be handled by the controllers which may ask their respective processors for information in order to be able to accurately respond to such a request.
To learn more about data subject rights check out our webinar “Data Subject Rights under the EU GDPR” https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/
Comment as guest or Sign in
May 25, 2018
May 25, 2018
May 25, 2018