With the introduction of the GDPR in May 2018, businesses operating in Europe will have to appoint additional data processors and compliance officers to cope with the changes.
As of May 2018, the General Data Protection Regulation (GDPR) will greatly increase the accountability of data processors and compliance officers, meaning that their roles will become more important than ever before.
For the first time in data processing history, professionals in these roles will have a direct obligation to comply with certain data protection requirements that previously only applied to data controllers.
The GDPR will create a greater balance between the responsibilities placed on data controllers and data processors. This will dramatically increase the risk profile for entities - like cloud and data centre providers - that act as data processors.
For every business that deals with the processing of data, this change will not only have an effect on processors, but also the controllers that engage them.
With the GDPR, it is likely that there will be more attention given to negotiating data processing agreements. This is because processors will seek to ensure that:
Companies should also consider reviewing their existing data processing agreements to ensure they have met the correct compliance obligations under the GDPR.
Under current law, only the controller is held liable for data protection compliance, not the processor. However, under the GDPR, there will be a direct statutory obligation on data processors so that they may be subject to direct enforcement by supervisory authorities.
In addition, they could face serious fines for non-compliance and compensation claims by data subjects for any damage caused by breaching the GDPR.
Once the GDPR is enforced, there are a series of obligations that will apply to data processors, including:
Ensure your business is prepared for the upcoming GDPR changes by signing up to our free overview course. Learn more.