Showing data on request of data controller
Assign topic to the user
Article Art. 28(3) (h) of the EU GDPR states that the processor must inform the controller if, in its opinion, the controller’s instructions would breach Union or Member State law including the EU GDPR ( https://advisera.com/eugdpracademy/gdpr/processor/ ) so, if you have serious concerns it is your duty just to inform the controller.
It is the duty of the controllers to make sure that their instructions are lawful. Since you don’t have the full picture of the processing activity your perception about the processing being unlawful might be wrong. For example the controller could have already obtained the consent from the data subject thus you as a processor don’t need to obtain that again.
You don't need any extra conformation form the controller or the data subjects since is the job of the controller to ensure that any request that it might have is always in compliance with the EU GDPR and other data protection legislation.
For more information on the specific duties of controllers and processors I recommend to check out our article “EU GDPR controller vs. process or – What are the differences?” which can be found at : https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
Comment as guest or Sign in
Jan 06, 2018