Guest
GDPR Data Controller or Data Processor
My company provides billing feature to different companies. The list of processing activities for which DPIA needs to be conducted does not talk about Card holder data. As my company stores card holder data, Do I require to conduct DPIA in my company? Is DPIA mandatory for SAAS (B2B) based company?
Assign topic to the user
Expert
Andrei Hanganu
Jun 06, 2019
Answer:
The controllers are the ones that need to perform DPIAs and in the case you have described you are acting as a data processor on behalf of the companies that are using your product.
If you want to find out more about DPIAs check out this free webinar Seven steps of Data Protection Impact Assessment (DPIA) according to EU GDPR (https://advisera.com/eugdpracademy/webinar/seven-steps-of-data-protection-impact-assessment-dpia-according-to-eu-gdpr-free-webinar-on-demand/)
Comment as guest or Sign in
Jun 05, 2019
Jun 05, 2019
Jun 05, 2019