The European Commission (EC) has released a communication about its future international personal data transfer strategy. The Commission has planned to engage proactively in discussions on reaching “adequacy decisions” with key trading partners in East and South East Asia but
Controller or Processor?
Under the General Data Protection Regulation (GDPR), any person (including organisations) handling personal data is subject to a different level of obligations and responsibilities with regard to the personal data processing operations they carry out depending on whether they are acting as a processor, a controller or a joint controller.
Indeed, all their GDPR obligations and responsibilities stem from their role and may, as a result, differ greatly. In broad words, controllers bear most responsibilities while processors must only act under the instructions of the controller and therefore, bear much less responsibility on its shoulders.
GDPR at a glance
The GDPR at a Glance A better understanding of the EU General Data Protection Regulation (GDPR) (Click on the icons below or scroll down the page and find the article you’re looking for) Introduction The main concepts to understand the
Record of Processing Activities
Under the European General Data Protection Regulation (GDPR), organisations processing personal data must maintain a record of their processing activities (ROPA) unless an exemption applies.
However, the type of information to maintain in this record differs depending on whether the organisations act as a controller or as a processor with regard to a specific processing activity.
Besides, some of the processing activities recorded may also be subject to a data protection impact assessment (DPIA), which requires additional information (see here).
Overview of the Individuals’ Rights Under the GDPR
Under the General Data Protection Regulation (GDPR), individuals have several rights over their personal data (i.e. right of access, right to data portability etc.)
Controllers and to some extent processors of personal data must be able to handle individual’s rights requests without delay and, in any event, within a month of the receipt of the request. Therefore, they should implement all the technical and organisational measures necessary to respond efficiently to any potential inquiry.