Under the General Data Protection Regulation (GDPR), what must be included in a written agreement between the controller and processor in relation to processing conducted on the controller's behalf?
A. An obligation on the processor to report any personal data breach to the controller within 72 hours.
B. An obligation on both parties to report any serious personal data breach to the supervisory authority.
C. An obligation on both parties to agree to a termination of the agreement if the other party is responsible for a personal data breach.
D. An obligation on the processor to assist the controller in complying with the controller's obligations to notify the supervisory authority about personal data breaches.
Under the GDPR, a written agreement between the controller and processor in relation to processing conducted on the controller’s behalf must include an obligation on the processor to assist the controller in complying with the controller’s obligations to notify the supervisory authority about personal data breaches. This is one of the requirements under Article 28(3)(f) of the GDPR, which specifies the minimum content of such an agreement. The other options are not required by the GDPR, although they may be agreed upon by the parties as additional terms. References: GDPR, Article 28(3)(f).