Guest
Showing data on request of data controller
So since we are a data processor (SAAS) almost everything we do with (personal) data is on request of the data controller. If our customer requests to show certain personal data which could be in conflict with the GDPR should we inform them about this and provide the functionality or are we responsible to tell them we won't agree on data which might conflict with GDPR?
An example is a public page where members can be found.
- Yes, we can provide an extra check where the member must agree on showing their data
1. What if the customer doesn't want to use it, who is responsible?
2. On which personal data is the extra confirmation applicable? (name, birth date, city, etc., all?)
Expert
Andrei Hanganu
Jan 06, 2018
Art. 28(3)(h) of the EU GDPR states that the processor must inform the controller if, in its opinion, the controller’s instructions would breach Union or Member State law, including the EU GDPR (https://advisera.com/eugdpracademy/gdpr/processor/), so if you have serious concerns, it is your duty just to inform the controller.
It is the duty of the controllers to make sure that their instructions are lawful. Since you don’t have the full picture of the processing activity, your perception about the processing being unlawful might be wrong. For example, the controller could have already obtained the consent from the data subject, thus you as a processor don’t need to obtain that again.
You don't need any extra confirmation from the controller or the data subjects, since it is the job of the controller to ensure that any request that it might have is always in compliance with the EU GDPR and other data protection legislation.
For more information on the specific duties of controllers and processors, I recommend checking out our article “EU GDPR controller vs. processor – What are the differences?”, which can be found at: https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
Jan 03, 2018