
A is for Audit - ABC of GDPR

Many organizations unfortunately still don’t realize that they have a legal obligation to audit their vendors under the GDPR. The GDPR distinguishes two direct parties: the controller and the processor.

The Controller

The controller decides (controls) the scope, nature, etc., and the level of security for the protection of their personal data.

The Processor

The processor processes the personal data on behalf of the controller. The processor may not process the personal data given by the controller for any reason other than what they agreed upon.

Agreement between parties

You must have a legally binding agreement between processor and controller.

The agreement must mention:
