Please advise when third party disclose PII data only by visiting data processor premise and look at data at data processor premise noting that they don’t have remote access to this data , what is the nature of processing here and do we have to sign with them any agreement. And what is the case if they have remote access to this data
Thank you
Assign topic to the user
Among data controllers and data processors, it is always required a Data Processing Agreement (DPA) by Article 28 GDPR either if the processor has remote access to data or not. The nature of processing is determined by the controller while the processor processes data on the controller’s behalf under a written legal agreement with binding effects.
Here you can find more information about the data controller and the processor, consent, and data subjects:
- Is consent needed? Six legal bases to process data according to GDPR https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
- Data subject rights according to GDPR https://advisera.com/eugdpracademy/knowledgebase/8-data-subject-rights-according-to-gdpr//
- EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
In order to understand how to manage data subjects PII, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Comment as guest or Sign in
Jan 22, 2021