GDPR Documentation and PII

As per GDPR what should data controller and processor do when they obtain data subject PII from another individual other than the data subject such as his/her brother or sister or friend

GDPR requires that PII are obtained by the data subject before starting processing. 

If controller and processor obtain PII from another individual, they should verify if the data subject consented to the disclosure of PII to the controller and the processor.

Article 7 GDPR, in fact, requires to the controller to be able to demonstrate that the data subject consented to data processing when based on consent.

After verifying consent of data subject, information about data processing should be given and then controller and processor will be able to process data. In the case of PII belonging to children, only the parents or guardians can consent to process.

Of course, if the data processing is based on other legal grounds, the controller and processor can manage PII obtained from a brother or a sister of the data subject. This happens in the case of gifts purchased on the web (the online shop needs to process the PII of the receiver of the gift and in this case, the legal ground of data processing is the performing of a contract).

As per GDPR, what is the list of required documentation from data processor and data controller"

You can find here the full list of mandatory documentation:

• List of mandatory documents required by EU GDPR https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/
• Checklist of Mandatory Documentation Required by EU GDPR https://info.advisera.com/eugdpracademy/free-download/checklist-of-mandatory-documentation-required-by-eu-gdpr

Here you can find more information about the data controller and the processor, consent, and data subjects:

• Is consent needed? Six legal bases to process data according to GDPR https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
• Data subject rights according to GDPR https://advisera.com/eugdpracademy/knowledgebase/8-data-subject-rights-according-to-gdpr//
• EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/

In order to understand how to manage data subjects PII, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

Please advise regarding the below:

1. What is data processor obligations in details regarding data subject rights

• The right to be informed.
• The right of access.
• The right to rectification.
• The right to erasure.
• The right to restrict processing.
• The right to data portability.
• The right to object.
• Rights in relation to automated decision making and profiling.

Is there any procedure to be taken as example

2. When providing outsourcing call center services , what is the legal basis to process the data noting that consent is taken by the data controller (is it legitimate interest : be able to fulfill our contractual obligation with the controller ?)

3. What is the list of documentations required by the data processor