Guest user Created: Apr 08, 2018 Last commented: Apr 08, 2018

IT organization

A small IT organization manages another companies IT infrastructure. Though they do not actually "view or access" the records of the controllers data, they do move files and perform everyday automated functions (backups for example) and also perform manual restores or changes to file permissions for example. They are therefore a Processor, but should each activity be logged / recorded ?

0 0

Assign topic to the user

Select user

Expert

Andrei Hanganu Apr 08, 2018

Answer:

The small IT organization definitely acts as a processor as you mentioned. As such they need to act only on the instructions of the data controllers an they need to be able to prove that any processing pf personal data was done as instructed by the data controller or based on the contractual obligations set up in the contract between the controller and processor. Logs are definitely a way of keeping a tab on the activities done based on the instructions of the data controller and they would also be useful as proof that the activities are actually happening.

Regarding the level of details this is something that you need to establish by yourself and is strictly related to the services that are provided.

To find out more about controllers and processors you can check out our article “EU GDPR controller vs. processor – What are the differences?” - https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Apr 08, 2018

Expert Advice Community

IT organization

IT organization

Assign topic to the user

Comment as guest or Sign in

Suggested Topics

EU GDPR and non-profit organizations

Charitable organisations, non for profits, refugees.

GDPR for Non-governmental organization