When should Data Controllers be auditing their Processors?

third-party data processor due diligence checks

Whilst there has always been a responsibility on Data Controllers (those who collect and determine how personal data is processed) to ensure that their Data Processors (organisations actually doing the processing on the request of the Controller) are compliant (particularly with security) the GDPR upped the liabilities and responsibilities of both Controllers and Processors. Specifically …

Read moreWhen should Data Controllers be auditing their Processors?

ICO publishes detailed guidance on the controller-processor relationship

controller processor responsibilities GDPR

Back in September 2017 the ICO published some draft guidance for consultation setting out their views on how to interpret Chapter IV (including Article 28) of the GDPR. Chapter IV of the GDPR sets out responsibilities of Data Controllers and Data Processors. Whilst the general responsibility of a Data Controller is to apply the data …

Read moreICO publishes detailed guidance on the controller-processor relationship