Are there obligations for controllers to establish controls with respect to data processors?
[Last reviewed: January 2025]
Yes.
The obligations are as follows:
☒ controllers must conduct due conduct diligence on the processor to ensure it will provide appropriate security and processing of the personal data
☒ controllers must only use processors subject to a written agreement that complies with specific requirements