Short Reads

Countdown 1 week until GDPR : Will processors have the same obligations, legal requirements, and the same sanctions as controllers do?

Stibbe - Will processors have to fulfill the same compliance obligatio

Countdown 1 week until GDPR : Will processors have the same obligations, legal requirements, and the same sanctions as controllers do?

17.05.2018 EU law

Only 1 more week to go before the GDPR becomes fully effective. Preparing your company for the application of this new regulation requires a correct understanding of its principles. Each week, we highlight one particular misconception regarding the interpretation of the GDPR.

Will processors have to fulfill the same compliance obligations, meet the same legal requirements, and have the same sanctions for not complying with the GDPR as controllers do?

Under the GDPR, processors must adhere to more compliance obligations and legal requirements compared to the current regulatory framework, but not to the same extent as that which are required of the controllers.

For example, processors will have to implement appropriate technical and organizational measures to ensure a level of security that is appropriate to the risk, designate a data protection officer, satisfy the conditions of transfers of personal data to a recipient in a third country or an international organization under very similar conditions to the ones that apply to controllers.

Processors will have to keep records of their processing activities, but the information to be included in such records differs from the records to be kept by the controller.

Privacy impact assessments or notification of personal data breaches will remain the main responsibility of the controller, even though the processor will have to assist in complying with obligations pertaining to such assessments and data breaches.

Sanctions for violations of the GDPR are the same for both controllers and processors, but the application thereof will of course depend on the circumstances of each individual case, including the degree of responsibility of the controller or processor for the violation at stake.

 

Stibbe, together with Chiomenti, Cuatrecasas, GIDE and Gleiss Lutz, have gathered this useful information, reflecting some common misconceptions about the implementation of the GDPR.

Team

Related news

02.10.2019 EU law
Seminar: Data protection implications of (a no-deal) Brexit

Seminar - On October 2nd at 4 pm, we organize a seminar where we will discus the implications of a (no-deal) Brexit on data protection.  These issues affect all businesses interacting between UK and EEA (including EU) and which send or receive data to and from UK. We will highlight the main challenges both in the case of a hard Brexit on 31 October 2019 and in other scenarios. We will also offer guidelines to help your organisation mitigate the respective risks.

Read more

19.08.2019 EU law
Enable “likes” and bear joint-controllership

Articles - The Court of Justice of the European Union recently ruled, in Case C-40/14 Fashion ID GmbH & Co. KG v Verbraucherzentrale NRW eV,  that a website operator that features “Like” social-media plugin from Facebook likely qualifies as joint-controller with Facebook for its website visitors’ personal data collection and transmission to Facebook.

Read more

28.08.2019 NL law
Masterclass: e-signature and electronic identifiers

Masterclass - Stibbe is organising a Masterclass on 26 September 2019 in Amsterdam on the subject of e-signature and electronic identifiers. This Masterclass will cover the legal framework and focus especially on the numerous possibilities for applying the various electronic signatures in different situations. In addition, we explain the regulations governing electronic identifiers, and the mandatory European recognition they receive.

Read more

Our website uses functional cookies for the functioning of the website and analytic cookies that enable us to generate aggregated visitor data. We also use other cookies, such as third party tracking cookies - please indicate whether you agree to the use of these other cookies:

Privacy – en cookieverklaring