Following the adoption of the new EU General Data Protection Regulation (GDPR) on 27 April 2016, most organisations began to re-examine their internal processes and procedures in order to ensure compliance with the new requirements before its entry into force in May 2018. In this fourth article, we will discuss how the provisions of the GDPR affect data processors and detail the new obligations imposed on them.
The concept of data processor remains the same under the GDPR as it was under Directive 95/46/EC. A “processor” is defined as a natural or legal person, public authority, agency or other body, which processes personal data on behalf of the data “controller”, which, alone or jointly with others, determines the purposes and means of processing of personal data....
|