Data protection rules for processors changed dramatically in May 2018, when the GDPR kicked in. Processors had new direct obligations to comply with the law. They needed to put in place new internal compliance and risk procedures in areas such as information security, security breaches and record-keeping, and some were required to appoint a Data Protection Officer. Processors also needed to re-assess their procedures and terms for engaging with customers.
Discussion on GDPR compliance often comes from the perspective of controllers (perhaps with an ‘and also’ for processors). The focus of this article is the responsibilities of processors, from the perspective of the processor.
Read the full article:
Olivia Whitcroft, principal of OBEP, 8 June 2020
This article provides general information on the subject matter and is not intended to be relied upon as legal advice. If you would like to discuss this topic, please contact Olivia Whitcroft using the contact details set out here: Contact Details