Are there obligations for controllers to establish controls with respect to data processors?
Last review date: 10 December 2024
Yes.
The obligations are as follows:
☒ controllers must only use processors subject to a written agreement that complies with specific requirements
Are there any direct regulatory or statutory requirements on processors?
Last review date: 10 December 2024
Yes.
Data processors must guarantee the habeas data right for data subjects, apply the necessary security measures to ensure the protection of the data, develop an internal manual and procedures to comply with the law and with any requests from the data subjects, and inform the DPA of any data breach.