Guest user Created: Jul 12, 2018 Last commented: Jul 12, 2018

GDPR processor compliance

My question is as a data processor, what specific steps do we need to take in order to be GDPR compliant? Is it as simple as a privacy policy that addresses what we store, how long, and how to have us remove the data?

0 0

Assign topic to the user

Select user

Expert

Andrei Hanganu Jul 12, 2018

Answer:

Things are not so simple as you would imagine, among the responsibilities for processors under the EU GDPR the most important are:

To appoint a representative if based outside of the Union;
- ensure certain minimum provisions in contracts with controllers (see Mandatory obligations for data processor contracts);
- Not appoint sub-processors without specific or general authorisation of the controller and to ensure there is a contract with the sub-processor containing certain minimum provisions;
- process personal data on the instructions of the controller unless required to process for other purposes by Union or Member State law ;
- keep a record of processing carried out on behalf of a controller );
- co-operate with the supervisory authorities;
- implement appropriate security measures;
- notify the controller o f any personal data breach without undue delay;
- appoint a data protection officer in certain cases;
- comply with the rules on transfers of personal data outside of the Union (see Transfers outside the Union).

To learn more about the EU GDPR check out our free “EU GDPR Foundations Course“ https://advisera.com/training/eu-gdpr-foundations-course//

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jul 12, 2018

Expert Advice Community