Guest user Created: Jul 30, 2018 Last commented: Jul 30, 2018

Non-EU based controller

If the controller is non-EU based, but the processing is partially in the EU performed by EU processors, would you have any advise what should all be paid attention to. My ideas were:

0 0

Assign topic to the user

Select user

Expert

Andrei Hanganu Jul 30, 2018

· DPAs with processors
· Privacy notices to individuals
· Safeguards for transfer of data – if the EU processor transfers data to another non-EU processor, who exactly should have safeguards in place such as for example SCC and Privacy Shield certification: the controller himself or the specific processors that are transferring data between them?
· EU representative
Anything else you can add?

Answer:

Since you are dealing with sensitive personal data you should also focus on preventing and if necessary notify any data breaches and do not forget about Data Protection Impact Assessments.

To learn more about DPIAs check out our webinar “Seven steps of Data Protection Impact Assessment (DPIA) according to EU GDPR” (https://advisera.com/eugdpracademy/webinar/seven-steps-of-data-protection-impact-assessment-dpia-according-to-eu-gdpr-free-webinar-on-demand/ ).

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jul 30, 2018

Expert Advice Community