Expert Advice Community

Guest

GDPR Data Controller or Data Processor

  Quote
Guest
Guest user Created:   Jun 06, 2019 Last commented:   Jun 06, 2019

GDPR Data Controller or Data Processor

My company provides billing feature to different companies. The list of processing activities for which DPIA needs to be conducted does not talk about Card holder data. As my company stores card holder data, Do I require to conduct DPIA in my company? Is DPIA mandatory for SAAS (B2B) based company?
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Jun 06, 2019

Answer:

The controllers are the ones that need to perform DPIAs and in the case you have described you are acting as a data processor on behalf of the companies that are using your product.

If you want to find out more about DPIAs check out this free webinar Seven steps of Data Protection Impact Assessment (DPIA) according to EU GDPR (https://advisera.com/eugdpracademy/webinar/seven-steps-of-data-protection-impact-assessment-dpia-according-to-eu-gdpr-free-webinar-on-demand/)
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 05, 2019

Jun 05, 2019

Suggested Topics