CHAPTER 6: OTHER POINTS FOR CONTROLLERS TO CONSIDER

Chapter 4 discussed the GDPR’s key requirements – the processing principles, data subjects’ rights, and international transfers – which are all subject to the higher tier of fines. There are, however, more requirements and points that controllers in particular need to consider, which are discussed in this chapter.

Controller–processor contracts

Where a controller contracts with a data processor, that processor must be able to provide “sufficient guarantees to implement appropriate technical and organisational measures”40 that personal data processing will comply with the GDPR and ensure data subjects’ rights are protected.

This requirement flows down the supply chain, so a processor cannot engage ...

Get EU GDPR & EU-U.S. Privacy Shield: A pocket guide, second edition now with the O’Reilly learning platform.
