seqlense logo

Search Document

Document detail

decision-quant-au-fond-n-138-2021.pdf

Here are the key points summarized:

Decision: The Chamber of Contentious Proceedings at the Authority for Data Protection decides to issue a reprimand to the first and second defendants for violating Article 28, paragraph 3 of the General Data Protection Regulation (GDPR).

Reasons:

  1. Lack of a contract between the defendant and the subcontractor.
  2. Failure to ensure that the subcontractor processed personal data in accordance with the GDPR.

Consequences: The reprimand is considered an effective, proportional, and deterrent measure against the defendants. Although there was an attenuating circumstance (the relatively recent entry into force of the GDPR), the Chamber emphasizes the importance of drafting a contract when hiring external service providers.

Key Takeaways:

  1. Contracts between data controllers and subcontractors must be drafted to ensure compliance with the GDPR.
  2. Data controllers have an obligation to monitor and ensure that their subcontractors process personal data in accordance with the GDPR.
  3. Failure to comply with these obligations can result in a reprimand or other sanctions.

Published: 2022-04-01 ยท Source: APD

Need more info or need a demo?

Although we are a tech company, we pride ourselves on being traditional and committed to a personal approach. We visit our clients to present our solutions or send brochures directly to you. Please write to us at [email protected] with your availability and contact details.

We're on a mission to unburden compliance teams from the complexities and workload in the domain of bank, insurance, and crypto compliance. This is achieved by helping them navigate through the vast amount of documents issued by regulators.