Controller – processor relationship – Legal updates on technology

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”), controllers must only use processors that provide sufficient guarantees regarding their capability to implement appropriate technical and organizational measures to ensure that all processing activities are performed and protected in line with the legal requirements. In this respect, before engaging the services of a processor, the controller must perform a proper assessment of the processor’s capabilities to process the entrusted personal data in a secure and confidential manner, in accordance with the provisions of the General Data Protection Regulation. The complete article is available here.