Controllers & Processors

GDPR regulates processors￤New Controller shall contract only with processors providing sufficient guarantees (e.g ISO 27018 for CSP) to implement the GDPR rules Processor shall process under Controller instructions, only Data processing agreement between Controller and Processor more detailed￤New Processor’s duties mirroring or completing controller’s ones￤New Designation of a representative (if not established in EU) Security […]

Controller takes “appropriate technical and organizational measures to ensure and demonstrate” that processing complies with GDPR rules, namely with Data protection policies Approved codes of conduct Approved certification Detailed records of processing activities Data protection by design and by default￤New e.g pseudonymisation to implement data protection principle of minimisation DPIA (Data Protection Impact Assessment) and