Assign topic to the user
Answer:
The small IT organization definitely acts as a processor as you mentioned. As such they need to act only on the instructions of the data controllers an they need to be able to prove that any processing pf personal data was done as instructed by the data controller or based on the contractual obligations set up in the contract between the controller and processor. Logs are definitely a way of keeping a tab on the activities done based on the instructions of the data controller and they would also be useful as proof that the activities are actually happening.
Regarding the level of details this is something that you need to establish by yourself and is strictly related to the services that are provided.
To find out more about controllers and processors you can check out our article “EU GDPR controller vs. processor – What are the differences?” - https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
Comment as guest or Sign in
Apr 08, 2018