|
Post by juthi52943 on Jan 6, 2024 6:18:56 GMT
By indicating the number of hours and provide the contact point for such notifications and the form of informing the controller about the detected breach. In addition, the processor must also assist the data controller in carrying out a data protection impact assessment DPIA - when required - and in consulting the supervisory authority when the result of the DPIA reveals that there is a high risk that cannot be minimized. The obligation to assist does not involve a transfer of Job Function Email List responsibility, as these obligations remain with the controller. For example, although a DPIA may in practice be carried out by the processor, the controller remains responsible for the obligation to carry out this assessment and the processor is obliged to assist the controller only where necessary and upon request. Important If the processor violates the GDPR by independently deciding on the purposes and methods of processing, it should be considered a separate data controller, in accordance with Art. section GDPR. Sub-processors Although the chain of downstream processors may be quite long, the controller still retains a key role in determining the purpose and means of processing.
|
|