The Spanish data protection authority – AEPD – has published a Model Data Protection Impact Assessment ‘DPIA) Report for the Private Sector. it includes the factors that must be taken into account by the private sector in order to perform a DPIA, including the description of the data processing activity, its purpose and legal basis, […]
The standard processor agreement has been adopted by the Danish SA pursuant to art. 28(8) GDPR and aims at helping organisations to meet the requirements of art. 28 (3) and (4), given the fact that the contract between controller and processor cannot just restate the provisions of the GDPR but should further specify them, e.g. with regard to the assistance provided by the processor to the controller.