Expert Advice Community


DPIAs and Clients' data

Guest user. Created: Aug 12, 2021. Last commented: Aug 19, 2021.


I have a question around DPIAs and our clients' data. As a security monitoring company providing SOC-as-a-service, we are a ‘processor’ to our clients, and we monitor their networks/systems under contractual obligation. Would we be required to carry out DPIAs on our client data as a processor as well as our own data as a controller? From what I understand, we would carry out a DPIA on their data if they request that we do so. Is this correct? If this is not clear or you need more information, feel free to let me know.

Expert
Alessandra Nisticò Aug 19, 2021

Yes, you are right: a DPIA is an obligation of the data controller. As a data processor, you may suggest to your client that they conduct a DPIA and help them in the process, but you don't need it if the controller does not require it. As for the data you process as a controller, you need to determine whether the monitoring falls under the scope of Article 35 GDPR. If a DPIA is required, I would suggest you use the tool that the CNIL (the French Data Protection Authority) implemented; it is in English and it guides controllers through the assessment process.

Here you can find more information about the DPIA process:

If you need to understand how to implement the EU GDPR you can consider enrolling in our free EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course/ 
