General Data Protection Regulation: Difference between revisions
Link to gdpr hub wiki per highlighted gdpr article |
Start summary of controller and processor chapter |
||
| Line 50: | Line 50: | ||
When automated decisions are made under contractual necessity or explicit consent, the data controller must implement safeguards including human intervention options, allowing individuals to express their views and contest decisions. Automated decisions cannot be based on special categories of personal data (such as race, health data, or political opinions) unless specific conditions are met and appropriate safeguards are in place. | When automated decisions are made under contractual necessity or explicit consent, the data controller must implement safeguards including human intervention options, allowing individuals to express their views and contest decisions. Automated decisions cannot be based on special categories of personal data (such as race, health data, or political opinions) unless specific conditions are met and appropriate safeguards are in place. | ||
=== Chapter 4: Controller and processor === | |||
Chapter 4 of the GDPR covers general obligations of controllers and processors of data, their security, impact assessments and responsibility.<ref>[https://gdpr-info.eu/chapter-4/ "Chapter 4: Controller and processor"] - gdpr-info.eu - 25 May 2018</ref> | |||
==== Article 28: Processor ==== | |||
''Main wiki: [https://gdprhub.eu/index.php?title=Article_28_GDPR Article 28 GDPR]'' | |||
Outsourcing data processing to service providers is no excuse not to comply with GDPR, it is still up to the controller to ensure that the GDPR is complied with. | |||
==See also== | ==See also== | ||