Short Reads

Countdown 1 week until GDPR : Will processors have the same obligations, legal requirements, and the same sanctions as controllers do?

Stibbe - Will processors have to fulfill the same compliance obligatio

Countdown 1 week until GDPR : Will processors have the same obligations, legal requirements, and the same sanctions as controllers do?

17.05.2018 EU law

Only 1 more week to go before the GDPR becomes fully effective. Preparing your company for the application of this new regulation requires a correct understanding of its principles. Each week, we highlight one particular misconception regarding the interpretation of the GDPR.

Will processors have to fulfill the same compliance obligations, meet the same legal requirements, and have the same sanctions for not complying with the GDPR as controllers do?

Under the GDPR, processors must adhere to more compliance obligations and legal requirements compared to the current regulatory framework, but not to the same extent as that which are required of the controllers.

For example, processors will have to implement appropriate technical and organizational measures to ensure a level of security that is appropriate to the risk, designate a data protection officer, satisfy the conditions of transfers of personal data to a recipient in a third country or an international organization under very similar conditions to the ones that apply to controllers.

Processors will have to keep records of their processing activities, but the information to be included in such records differs from the records to be kept by the controller.

Privacy impact assessments or notification of personal data breaches will remain the main responsibility of the controller, even though the processor will have to assist in complying with obligations pertaining to such assessments and data breaches.

Sanctions for violations of the GDPR are the same for both controllers and processors, but the application thereof will of course depend on the circumstances of each individual case, including the degree of responsibility of the controller or processor for the violation at stake.

 

Stibbe, together with Chiomenti, Cuatrecasas, GIDE and Gleiss Lutz, have gathered this useful information, reflecting some common misconceptions about the implementation of the GDPR.

Team

Related news

08.11.2019 EU law
Erik Valgaeren is session chair during IBA's 6th Biennial Technology Law Conference in Berlin

Speaking slot - Stibbe's TMT partner, Erik Valgaeren, chairs a session discussing the new legal challenges, created by the most recent technological developments in the field of software, data, online services and telecom, including 5G, pricing algorithms, platforms and data monetization. This session will take place on the 8th of November 2019 in Berlin.

Read more

24.10.2019 BE law
Virtual Currency Regulation Law Review - Belgian chapter

Articles - The second edition of the Virtual Currency Regulation Law Review is intended to provide a practical, business-focused analysis of recent legal and regulatory changes and developments, and of their effects, and to look forward at expected trends in the area of virtual currencies on a country-by-country basis.

Read more

08.11.2019 BE law
Interview with Wouter Ghijsels on Next Gen lawyers

Articles - Stibbe’s managing partner Wouter Ghijsels shares his insights on the next generation of lawyers and the future of the legal profession at the occasion of the Leaders Meeting Paris where Belgian business leaders, politicians and inspiring people from the cultural and academic world will discuss this year's central theme "The Next Gen".

Read more

24.10.2019 BE law
Stibbe hosts a seminar on the act of 4th of April 19 on abuse of economic dependence

Seminar - On October 24th, VBO/FEB's Secretary General Philippe Lambrecht and Stibbe Brussels' Peter Wytinck, Paul Van der Putten, Erik Valgaeren and Sarah De Wulf hosted a lunch seminar aimed at clarifying the scope, interpretation and implications for businesses of the ground-breaking (but still enigmatic) law of 4 April 2019 on the abuse of economic dependence and unfair terms and practices in B2B relationships.

Read more

Our website uses functional cookies for the functioning of the website and analytic cookies that enable us to generate aggregated visitor data. We also use other cookies, such as third party tracking cookies - please indicate whether you agree to the use of these other cookies:

Privacy – en cookieverklaring