LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

EU GDPR article 28

  Quote
Guest
Guest user Created:   Apr 26, 2018 Last commented:   Apr 26, 2018

EU GDPR article 28

I have some related questions focusing perhaps more on GDPR than I27K:
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Apr 26, 2018
1. If a systems builder installs several workstations with different applications at a customer and needs to log information on those systems (not per se an audit trail) to be able to debug what went wrong between these systems, and the customer is happy to provide these logs or even (continuous) access to the systems to have things debugged, but the logs may contain privacy related information, then what do you do? Warn systems users that their actions are logged?Demand that customer anonimifies the logs / State we uphold privacy and use logs only for debugging our systems and not for audit trail? Do we need a processor agreement for that? Who provides it?
2. Do processor agreements need to be signed by both parties?
3. Do you need to actively request a website visitor to accept cookies and read the privacy statement even if you do not use personal information that is collected, e.g. by google analytics and similar 3rd party tools? Or is it enough just to link to a disclaimer or legal statement on these pages…

Answers:

1. If the users are having access to personal data you need to ensure that they are bound by the duty of confidence. This is a requirement of EU GDPR article 28.(3)e – Processors (https://advisera.com/eugdpracademy/gdpr/processor/). You can also have a pop up message to the users that they are about to access personal data.
2. If possible the customer should try to anonymize the personal data and if is not possible a Data Processing Agreement should be signed by you as the data processor and your customer as the data controller. This need to be legally binding agreement and need to be signed or agreed by both parties.
3. Is the ePrivacy Directive, which requires websites to gain consent from readers if they want to use cookies to track them. You should have a separate Cookie Policy that need to be accepted by the users. Also, the users must be informed about how they can set up their browsers not to accept cookies.

If you want to find out more about the processors obligations you can check out our free “EU GDPR Foundations Course” https://training.advisera.com/se/eu-gdpr-foundations-course//
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 26, 2018

Apr 26, 2018

Suggested Topics

Guest user Created:   Feb 08, 2019 EU GDPR
Replies: 1
0 0

Data Processing Agreement

Guest user Created:   May 15, 2018 EU GDPR
Replies: 1
0 0

GDPR Cross Border Agreement Question

Guest user Created:   Apr 13, 2018 EU GDPR
Replies: 1
0 0

GDPR - processor to controller