Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

Showing data on request of data controller

  Quote
Guest
dirkmuis Created:   Jan 03, 2018 Last commented:   Jan 06, 2018

Showing data on request of data controller

So since we are a data processor (SAAS) almost everything we do with (personal) data is on request of the data controller. If our customer requests to show certain personal data which could be in conflict with the GDPR should we inform them about this and provide the functionality or are we responsible to tell them we won't agree on data which might conflict with GDPR? An example is a public page where members can be found. - Yes, we can provide an extra check where the member must agree on showing their data 1. What if the customer doens't want to use it, who is responsible? 2. On which personal data is the extra confirmation applicable? (name, birth date, city, etc., all?)
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Jan 06, 2018

Article Art. 28(3) (h) of the EU GDPR states that the processor must inform the controller if, in its opinion, the controller’s instructions would breach Union or Member State law including the EU GDPR ( https://advisera.com/eugdpracademy/gdpr/processor/ ) so, if you have serious concerns it is your duty just to inform the controller.

It is the duty of the controllers to make sure that their instructions are lawful. Since you don’t have the full picture of the processing activity your perception about the processing being unlawful might be wrong. For example the controller could have already obtained the consent from the data subject thus you as a processor don’t need to obtain that again.

You don't need any extra conformation form the controller or the data subjects since is the job of the controller to ensure that any request that it might have is always in compliance with the EU GDPR and other data protection legislation.

For more information on the specific duties of controllers and processors I recommend to check out our article “EU GDPR controller vs. process or – What are the differences?” which can be found at : https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 03, 2018

Jan 06, 2018

Suggested Topics

Guest user Created:   Jun 06, 2018 EU GDPR
Replies: 1
0 0

Right to be deleted

Guest user Created:   Feb 23, 2023 EU GDPR
Replies: 1
0 0

Data privacy question