Previous article in series – Data Privacy: Maturity Model

By far the most comprehensive data protection framework that currently affects 28 nations directly and all interconnected (business trade) nations secondarily is the injunctions of the GDPR. These materials draw upon the definitions used by the European Commission to distinguish the roles related to data privacy and protection. The terms data controller and processor are used extensively to describe the key relationship between legal liabilities related to the consumer and the contractual responsibilities of the provider. It is from the Article 29 Data Protection Working Party, Opinion 1/2010 on the concepts of “controller” and “processor” that the GDPR retrieves the definitions for controller and processor.

“Finally, it should be no surprise that the controller is also held liable, in principle, for any damage resulting from unlawful processing. Summarizing the above reflections it can be concluded that the one liable for a data protection breach is always the controller, i.e. the legal person (company or public body) or the natural person as formally identified according to the criteria of the Directive.”

Commenting further on the relationship between controller and processor, the European Commission official website states:

“The data controller determines the purposes for which and the means by which personal data is processed. So, if your company/organization decides ‘why’ and ‘how’ the personal data should be processed it is the data controller. Employees processing personal data within your organization do so to fulfil your tasks as data controller.

Your company/organization is a joint controller when together with one or more organizations it jointly determines ‘why’ and ‘how’ personal data should be processed. Joint controllers must enter into an arrangement setting out their respective responsibilities for complying with the GDPR rules. The main aspects of the arrangement must be communicated to the individuals whose data is being processed.

The data processor processes personal data only on behalf of the controller. The data processor is usually a third party external to the company. However, in the case of groups of undertakings, one undertaking may act as processor for another undertaking. The duties of the processor towards the controller must be specified in a contract or another legal act. For example, the contract must indicate what happens to the personal data once the contract is terminated. A typical activity of processors is offering IT solutions, including cloud storage.