Under the EU General Data Protection Regulation (GDPR), data processors (“a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”) act on behalf of the relevant controller and under their authority. In doing so, they serve the controller’s interests rather than their own. There are several considerations that must be addressed before organisations can decide which data processors offer the most appropriate services. However, the review and selection process – normally a responsibility of the data protection officer (DPO) – is just a preliminary step.
Ongoing management of data processors is a business process, not a one-off project. There are ongoing challenges to overcome in maintaining regulatory compliance, mitigating your exposure to risk and being able to demonstrate a defensible position if your data processors suffer a data breach or regulatory action.
Join Exterro and industry experts Judy Krieg, partner – privacy, security and information at Fieldfisher, and Ainhoa Gonzalez, DPO and privacy counsel at GVC Holding Plc, to explore:
- considerations needed when reviewing or selecting data processors;
- the key challenges when managing data processors; and
- practical tips and technologies for establishing compliance and mitigating risk from data processors.