left-svg
Bonus expert support worth 500 EUR
with the EU GDPR Documentation Toolkit
Limited-time offer – ends June 30, 2022.
right-svg

Expert Advice Community

Guest

Handling data according to EU GDPR

  Quote
Guest
Guest user Created:   Oct 15, 2020 Last commented:   Oct 19, 2020

Handling data according to EU GDPR

If we are coordinating a European project, and the data we collect is basic personal data (name, phone, email) from different EU city employees who take part in that project, are we, as a coordinator, responsible for how other project partners handle this data? i.e. the project makes us ensure that many partners also view this data (it wouldn't serve a purpose if we anonymize it) and then how can we control what the partner organisations do with this data, whether they delete it on time, etc.? so far we had a project document called DP management, where we would write down procedures, including that the data needs to be deleted after the project ends and so on. Is this enough to show our accountability as coordinators?

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Oct 19, 2020

"If we are coordinating a European project, and the data we collect is basic personal data (name, phone, email) from different EU city employees who take part in that project, are we, as a coordinator, responsible for how other project partners handle this data? i.e. the project makes us ensure that many partners also view this data (it wouldn't serve a purpose if we anonymize it) and then how can we control what the partner organisations do with this data, whether they delete it on time, etc.? so far we had a project document called DP management, where we would write down procedures, including that the data needs to be deleted after the project ends and so on.

You need to evaluate if your project partners process data on your behalf, you can be considered as the leader of the project, and therefore they will be seen as a data processor. In this case, you need to appoint them and determine procedures, controls, and require compliance with your policies. 

Your partners may be seen also as a joint controller, under article 26 GDPR, if they determine with you the mean and the purposes of data processing. In this case, you can make a data processing agreement and determine jointly policies to follow. Each will be accountable for the data processed by its company.

Is this enough to show our accountability as coordinators?

If your partner is a data processor, you need to appoint them as a data processor with a data processing agreement. Article 28 GDPR requires a written legal undertaking. Of course, you can demand to follow your policies and rules and also control if they comply with it.

Here you can find more information

If you want to know more about GDPR compliance you can consider enrolling in this EU GDPR Foundations Course: https://training.advisera.com/se/eu-gdpr-foundations-course//

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Oct 15, 2020

Oct 19, 2020

Suggested Topics

Guest user Created:   Sep 30, 2020 EU GDPR
Replies: 1
0 0

GDPR Privacy querries

Guest user Created:   Jun 22, 2022 EU GDPR
Replies: 1
0 0

Doubts about ODPR or GDPR