Are there obligations for controllers to establish controls with respect to data processors?
Last review date: 18 December 2024
Yes.
The obligations are as follows:
☒ controllers must conduct due conduct diligence on the processor to ensure it will provide appropriate security and processing of the personal data
☒ controllers must only use processors subject to a written agreement that complies with specific requirements
Are there any direct regulatory or statutory requirements on processors?
Last review date: 18 December 2024
Yes.
Regardless of whether an organization determines the purposes and means of processing personal data or processes personal data on behalf of another organization, the organization will generally be subject to the same requirements in respect of its collection, use and disclosure of personal data.