What are the obligations of a processor that engages a sub-processor?
A.
The processor must give the controller prior written notice and perform a preliminary audit of the sub-processor.
B.
The processor must obtain the controller’s specific written authorization and provide annual reports on the sub-processor’s performance.
C.
The processor must receive a written agreement that the sub-processor will be fully liable to the controller for the performance of its obligations in relation to the personal data concerned.
D.
The processor must obtain the consent of the controller and ensure the sub-processor complies with data processing obligations that are equivalent to those that apply to the processor.
Relevant Legislation:
GDPR Article 28(2): States that a processor shall not engage another processor without prior specific or general written authorization of the controller.
GDPR Article 28(4): Requires that the same data protection obligations as set out in the contract between the controller and the processor are imposed on the sub-processor by way of a contract, in particular providing sufficient guarantees to implement appropriate technical and organizational measures.
Therefore, the correct answer is D. The processor must obtain the consent of the controller and ensure the sub-processor complies with data processing obligations that are equivalent to those that apply to the processor.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Ssourav
3 months, 3 weeks ago