Controller’s Strengthened Responsibilities

  • Controller takes “appropriate technical and organizational measures to ensure and demonstrate” that processing complies with GDPR rules, namely with
    • Data protection policies
    • Approved codes of conduct
    • Approved certification
    • Detailed records of processing activities
    • Data protection by design and by default (New)
      • e.g. pseudonymisation to implement the data protection principle of minimisation
    • DPIA (Data Protection Impact Assessment) and prior consultation (New)
  • Joint controllers
    • All responsible towards the data subject
    • An arrangement between them might distribute their respective roles and liabilities