Auditing your GDPR processors
The π©π° DPA's useful guidance on how to audit your processors, which you should do (and document) regularly!
Jun 30, 2022
—
9 min read
You might also like
Norway DPA orders Helseplattformen to rectify shortcomings
members
–
3 min read
π³π΄ Datatilsynet notifies Helseplattformen of their intent to order fixes to serious organisational and (less serious) technical deficiencies β response is due by 6 Jan 2026, with the final decision after. Key ISMS takeaways on this one + download a collated PDF.
EDPB Opinion 22/2024: obligations when relying on (sub-)processors
members
–
8 min read
π You must list all (sub-sub-sub-sub...)processors (name, address, contact person, processing activity, roles & responsibilities) and always verify they've provided 'sufficient guarantees'βthough the extent might vary based on riskβalso for onwards transfers.
Norway DPA fines university for insufficient access control in MS Teams
members
–
4 min read
The π³π΄ University of Agder was fined β¬12,500 (NOK 150k) for failing to secure personal data on Teams/SharePoint and insufficient internal controls. Short decision, several takeaways for everyone!