Processor’s New Direct Responsibilities

  • GDPR regulates processors¦New
  • Controller shall contract only with processors providing sufficient guarantees (e.g ISO 27018 for CSP) to implement the GDPR rules
  • Processor shall process under Controller instructions, only
  • Data processing agreement between Controller and Processor more detailed¦New
  • Processor’s duties mirroring or completing controller’s ones¦New
    • Designation of a representative (if not established in EU)
    • Security of processing
    • Data protection officer
    • Adherence to codes of conduct and certification
    • Cooperation with the supervisory authority
    • Notification of a personal data breach to the supervisory authority (Processor must notify Controller when he is aware)
    • Detailed records of all categories of processing activities