"Data processor" record
Learn how to use Dastra's "Data processor" record.
Introduction
Article 30 of the GDPR sets out specific obligations for the personal data controller record and the data processor record. If your organization acts as both a processor and a controller, your record must therefore clearly distinguish between the two categories of activities.
In practice, in this case, the CNIL recommends that you keep 2 records:
one for the processing of personal data for which you yourself are responsible,
another for the processing operations that you carry out, as a data processor, on behalf of your clients.
The rest of this page deals only with the "Data processor" record.
The "Data processor" record
Each data processor is required to fill out a less extensive record.
This record contains :
the contact details of the data processor, its representative, if applicable, and its DPO
the contact details of all data controllers on whose behalf the data processor acts (usually the clients)
the categories of data processed
the recipients
the transfers outside the EEA
the security measures
For more information
Dernière mise à jour