Assign topic to the user
The professional, when using third-party tools, acts as a Data Controller and must make sure that it understands the fact that it needs to respect the relevant data protection legislation. If this legislation is GDPR, the professional must understand Calendly’s Terms and Conditions and determine whether Calendly is a Data Processor or a Data Controller, by assessing it’s level of autonomy in establishing the scope and means of personal data processing. Once the role is established, the professional needs to sign either a Data Processing Agreement, as requested by article 28 GDPR - Processor, a joint controller agreement as requested by article 26 GDPR – Joint controllers, or a controller to controller data processing agreement. Also, it should establish if the consent is the best legal ground for processing, or other legal grounds for processing should be established, per article 6 GDPR – Lawfulness of processing.
More details here:
- Article 6 GDPR – Lawfulness of processing: https://advisera.com/eugdpracademy/gdpr/lawfulness-of-processing/
- Article 26 GDPR – Joint controllers: https://advisera.com/eugdpracademy/gdpr/joint-controllers/
- Article 28 GDPR – Processor: https://advisera.com/eugdpracademy/gdpr/processor/
- EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
Comment as guest or Sign in
Jul 10, 2022