I need your advice regarding the below:
Shall sub-processors used by data processor share their sub-processors and third party list with the data processor
Assign topic to the user
Yes, you need to share your third-party list with the processor. The chain of data processors must be clear and transparent to the controller. The controller can authorize the processor to engage a sub-processor with a specific authorization or with a general authorization. In case of general written authorization, the Article 28 GDPR requires the processor informing the controller “of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes.”
Here you can find more information:
- Article 28 GDPR https://advisera.com/eugdpracademy/gdpr/processor/
- EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
- EU GDPR document template: Processor GDPR Compliance Questionnaire https://advisera.com/eugdpracademy/documentation/processor-gdpr-compliance-questionnaire/
- EU GDPR document template: Supplier Data Processing Agreement https://advisera.com/eugdpracademy/documentation/supplier-data-processing-agreement/
You can also consider enrolling in this free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Comment as guest or Sign in
Nov 18, 2020