Tag Archives for " data processors "

Processor compliance with the GDPR

The General Data Protection Regulation expands the scope of enforcement to include a number of companies that are not based in the EU, but regularly do business with EU data subjects. The GDPR’s expanded scope not only affects those businesses, but also the businesses that provide processing services to them.

Source: Processor compliance with the GDPR: A 101

CNIL publishes guidance for data processors

On 29 September 2017, the French Data Protection Authority (the CNIL) released a guide for data processors on implementing the obligations laid down in the GDPR. Unlike the draft guidance recently published by the UK Data Protection Authority (the ICO), ‘Contracts and liabilities between controllers and processors‘, the CNIL’s guidance focuses just on processor obligations and is structured around FAQs.

Source: CNIL publishes guidance for data processors

Businesses will be considered ‘aware’ of data breaches under GDPR when their data processors notice the breach

Businesses that outsource the processing of personal data to other companies will be said to be aware of data breaches experienced by those processors as soon as the processors themselves recognise the breach, according to proposed new guidance.

Source: GDPR: Businesses will be considered ‘aware’ of data breaches when their data processors notice the breach, says watchdog

What’s wrong with the ICO’s draft guidance on controller-processor contracts?

Controller-processor contracts and liabilities don’t seem destined for any guidance from the Article 29 Working Party, at least according to the WP29’s published work programs/roadmaps to date. However, some national regulators have picked up the baton. On September 13, the U.K. Information Commissioner’s Office issued draft guidance, Contracts and liabilities between controllers and processors.

Source: What’s wrong with the ICO’s draft guidance on controller-processor contracts?

When is a vendor a processor?

Privacy professionals have been involving themselves in their organizations’ vendor management programs for a few years now. Indeed, according to the 2016 IAPP-EY Privacy Governance Survey, 70 percent of respondents (up from 63 percent in 2015) were involved in a formal vendor management program — and the numbers are just as strong in this year’s upcoming report.

Source: When is a vendor a processor?

ICO GDPR guidance on Contracts and liabilities between controllers and processors

On 1 August we reported on the launch of the International Regulatory Strategy Group’s “Article 28 GDPR ready contractual terms” for use between controllers and processors. The ICO has now launched its draft guidance on this subject.

Source: UK: ICO GDPR guidance – Contracts and liabilities between controllers and processors

>