Auditing your GDPR processors

The 🇩🇰 DPA's useful guidance on how to audit your processors, which you should do (and document) regularly!

Jun 30, 2022 — 9 min read

Read the full story

Already have an account? Sign in

EDPB Opinion 22/2024: obligations when relying on (sub-)processors

members – 8 min read

📚 You must list all (sub-sub-sub-sub...)processors (name, address, contact person, processing activity, roles & responsibilities) and always verify they've provided 'sufficient guarantees'—though the extent might vary based on risk—also for onwards transfers.

Oct 22, 2024

Norway DPA fines university for insufficient access control in MS Teams

members – 4 min read

The 🇳🇴 University of Agder was fined €12,500 (NOK 150k) for failing to secure personal data on Teams/SharePoint and insufficient internal controls. Short decision, several takeaways for everyone!

Sep 12, 2024

Denmark Google Workspace for Education Chromebook case (Helsingørgate)

members – 9 min read

[15 July: Municipalities complies with Jan order + 🚨 DPA asks for EDPB opinion on the scope of a controller's documentation obligations regarding a processor's use of sub-processors] The Danish DPA's landmark decision of 2022 to ban certain use of Google products and US transfers, is still ongoing.

Jul 15, 2024