Faq – Persons authorised to data processing

 

 

Persons authorised to data processing

In the case of a processor, shall the appointment be an obligation of the controller or of the processor?

The GDPR clarifies that the person authorised to data processing acts under the authority of the controller or the processor. As regards the instructions to be given to the processor, the GDPR expressly mentions the obligation of the processor to ensure that the persons authorised to process data commit themselves to confidentiality. Therefore, it is an obligation of the processor to identify and appoint the persons authorised to data processing.


How can a person authorised to data processing be appointed?

The GDPR makes no provision for this case. The amended Italian Data Protection Code allows the controller and the processor to choose the most appropriate procedure. It is recommended that their appointment should be in writing and contain instructions on tasks and obligations in order to comply with the principles of the GDPR. Needless to say that an internal policy and training are good practices to consider.


 

 

To learn more, click here or contact me

Leave a Reply

Your email address will not be published. Required fields are marked *

 

Privacy Policy - Cookie Policy - Website terms & conditions - Website map


Tiziana Minella - Via Vittoria Colonna, 32 - 10155 Torino (TO - Italy) - VAT IT03152590018 - mob. +39 366.4761338 - + 39 338.6626635