|
Post by juthi52943 on Jan 6, 2024 6:18:46 GMT
The EDPB recommends that the controller pays due attention to the obligation to give instructions regarding processing, in particular where the processor intends to delegate certain processing activities to further processors and where the processor has branches or units located in third countries. The processor should take all measures required under Art. GDPR The contract must contain or refer to information on Job Function Email List the security measures to be taken by the processor and include an undertaking by the processor to obtain the data controllers consent before making changes to them, as well as to regularly review security measures to ensure their adequacy in relation to the threats, which may evolve over time. The detail of the instructions provided by the controller to the processor regarding the measures to be taken will vary depending on the circumstances. In some cases, the administrator may provide a clear and detailed description of the security measures to be implemented by the processor. In others, the administrator may indicate minimum security objectives that must be achieved.
|
|