So when is an organization a processor of personal data and when is it a data controller? And what exactly should a processor agreement contain? Entrepreneurs regularly ask the Autoriteit Persoonsgegevens (AP) questions about this. Today the AP continues the campaign "What does the privacy law mean for your(wo) company?" with practical information for entrepreneurs about processors. Such as answers to the most frequently asked questions and a privacy video on what is involved in drafting a processor agreement.
Organizations often hire other organizations to process personal data for them. For example, to outsource accounting. Or by using a cloud service that stores personal data. But who is then responsible for protecting personal data? The AVG imposes different requirements on controllers and processors.
In response to the most frequently asked questions, the AP has now expanded the information on processors, controllers and processor agreements. Existing QenAs have been updated, new QenAs have been added, and the AP offers practical tools to make compliance easier. Such as a privacy video on what's involved in drafting a processor agreement. And two tools for determining whether an organization is a processor: an overview with example situations and a flowchart. The AP is sharing this information through the campaign website hulpbijprivacy.nl and social media.
The AP will publish information on a different part of the AVG in each of the coming months. The first campaign month focused on customers' privacy rights. The following topics are: processing data of (sick) employees and the bases for processing personal data. With this campaign, the AP answers the most frequently asked questions from entrepreneurs about the privacy law.
This news item can also be found in the AVG file
