Share it with your network!
Help your colleagues and friends deepening their knowledge
GDPR responsibilities of all parties involved
GDPR differentiates two parties, which can both be held responsible in the context of processing of personal data: data controllers and data processors:
Here are 2 important GDPR quotes concerning the (shared) responsibilities of the players involved:
Bisnode’s risk assessment procedure for new (sub)processors
Bisnode has set up a 2-phased procedure to screen new (sub)processors. First, we evaluate potential new partners via risk assessment, which covers:
This risk assessment can lead to a corrective action plan before the supplier is approved. In a second phase, approved suppliers are invited to sign the Data Processing Agreement.
360° risk assessment of data controllers and processors
Bisnode has also applied this risk assessment procedure for its existing (sub)processors. Both to evaluate potential gaps and require to address corrective measures and to comply with the documentation obligations part of accountability principle.
Of course, Bisnode customers have their own risk assessment procedures. That’s why we have been screened by many clients for whom we are processing personal data.
How Bisnode revamped its whole offering of solutions to get fully GDPR compliant? That’s the subject of episode 10.