A data processor that handles personal data for multiple customers has decided to migrate its data warehouse to a third-party provider. What is the processor obligated to do prior to implementation?
A.
Seek approval from all in-scope data controllers.
B.
Ensure data retention periods are documented.
C.
Obtain assurance that data subject requests will continue to be handled appropriately.
D.
Implement comparable industry-standard data encryption in the new data warehouse.
Legal Obligation: Under regulations like the GDPR, processors must follow the instructions of controllers and obtain their approval for using sub-processors or making changes to data handling.
Accountability: Data controllers are ultimately responsible for ensuring the security and privacy of the personal data they collect and process through third parties. The processor must inform them so they can assess and approve any associated risks.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
micro_cert
1 month, 2 weeks ago