Post by juthi52943 on Jan 6, 2024 6:18:52 GMT
The requirements set out by the GDPR are met should be made directly by the controller. When it comes to assisting the administrator in fulfilling the obligations specified in Art. - GDPR, it is necessary that the contract does not merely repeat the obligations specified in the GDPR to assist the controller the contract should include details of how the processor may be asked to assist the controller in meeting the listed obligations.
For example, procedures and template forms could Job Function Email List be added as annexes to the contract, which would make it easier for the processor to provide the controller with all the necessary information. In addition, the processor should assist the controller in fulfilling the obligation to report personal data protection breaches to the supervisory authority, and if a high risk of violating the rights and freedoms of natural persons is identified, also to data subjects.
The processor must notify the controller of each case in which it discovers a breach affecting the resources/IT systems of the processor or sub-processor and at the same time is obliged to help the controller in obtaining the information that must be provided in the document reporting the breach to the supervisory authority. The EDPB recommends that the contract specify the time frame for such notification.
For example, procedures and template forms could Job Function Email List be added as annexes to the contract, which would make it easier for the processor to provide the controller with all the necessary information. In addition, the processor should assist the controller in fulfilling the obligation to report personal data protection breaches to the supervisory authority, and if a high risk of violating the rights and freedoms of natural persons is identified, also to data subjects.
The processor must notify the controller of each case in which it discovers a breach affecting the resources/IT systems of the processor or sub-processor and at the same time is obliged to help the controller in obtaining the information that must be provided in the document reporting the breach to the supervisory authority. The EDPB recommends that the contract specify the time frame for such notification.