EDPB Issues Opinion on Processor and Sub-Processor Obligations Under GDPR
The EDPB’s recent opinion clarifies controllers’ obligations regarding processors and sub-processors under the EU GDPR, emphasizing the need for transparency and compliance.
data processors
CJEU’s Advocate General Issues Opinion on Concept of Controller, Joint Controller, Processor, and Administrative Fines
Advocate General released an opinion on the concepts of “controller”, “joint controller” and “processor”, and also liability system established by the GDPR.
CNIL sets parameters for processors’ reuse of data for product improvement
The guidance addresses question: when can a processor use personal data for purposes broader than just strictly providing services to the controller?
European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses
In addition to issuing new (draft) standard contractual clauses for transferring personal data outside of the EEA, on November 12, […]
Security Incident Mitigation Strategy: Effective Negotiation of Technology Contract Limitations of Liability
There is always significant negotiation around caps on liability when negotiating a contract with a technology vendor. If the vendor […]
Dutch SA initiates exploratory investigation into DPAs
The Dutch Supervisory Authority (Autoriteit Persoonsgegevens, “AP”) recently communicated a press release stating that it reached out to 30 organizations […]
Third-Party Vendor Management Means Managing Your Own Risk
When considering the termination of a vendor relationship, you must consider the vendor, the contract and the business impact. Although […]
The road to GDPR certifications won’t be a short one
The EU General Data Protection Regulation has been in effect for five months, and yet there has not been much […]
GDPR: the ‘controller v processor’ debate in financial services
Lessons can be learned in the financial services sector from the rush to update contracts to account for the General […]
Do you know your third-party providers well?
To maintain your compliance, you will have to track your third-party suppliers and how they handle any customer record data […]
Every vendor wants to be… a data controller?!
Closing data-related deals seemed so much simpler pre-GDPR, didn’t it? Remember the days when every enterprise customer was a controller […]
E-signatures can prove conclusion of data processing agreements
The use of electronic signatures (e-signatures) can prove that data processing contracts have been concluded and their terms agreed to, […]