Expert Advice Community

DPIA’s and Clients' data

Guest user Created:   Aug 12, 2021 Last commented:   Aug 19, 2021

I have a question around DPIAs and our clients' data.

As a security monitoring company providing SOC-as-a-service, we are a ‘processor’ to our clients, and we monitor their networks/systems under contractual obligation.

Would we be required to carry out DPIAs on our clients' data as a processor as well as our own data as a controller?

From what I understand we would carry out a DPIA on their data if they request that we do so. Is this correct?

If this is not clear or you need more information, feel free to let me know.

Expert
Alessandra Nisticò Aug 19, 2021

Yes, you are right: a DPIA is an obligation of the data controller. As a data processor, you may suggest to your client that they conduct a DPIA and help them in the process, but you don't need it if the controller does not require it. About data you process as a controller, you need to determine if the monitoring falls under the scope of Article 35 GDPR. If a DPIA is required, I would suggest you use the tool that the CNIL (the French Data Protection Authority) implemented; it is in English and it guides controllers through the assessment process.

Here you can find more information about the DPIA process:

If you need to understand how to implement the EU GDPR you can consider enrolling in our free EU GDPR Foundations Course: https://training.advisera.com/course/eu-gdpr-foundations-course/ 
