On the accountability of the GDPR for EU-based processors

Timon Mertens

On the 25th May 2018 the General Data Protection Regulation (GDPR) became effective, alongside with – for a rather abstract EU law – an unusually widespread medial echo. This echo was due to the strengthened rights for data subjects under the new legal framework and (potentially) increased fines for companies in case of non-compliance. Beyond data subject’s rights, fines are possible for violations of a number of other provisions as well, for instance on third country transfer, appropriate technical and organizational measures or the involvement of (sub-)processors. The GDPR, however, brings another big revelation; accountability for compliance for both the controller as well as the processor. This accountability in conjunction with the risk of severe fines has led to insecurity of the market participants and sometimes spawned discussions, which have been settled in the past on a national level already. The present article scrutinizes these effects when EU-based processors are involved by non-EU based and not otherwise (cf. Art. 3 GDPR) covered data controllers.

DOI:	https://doi.org/10.37307/j.2196-9817.2019.04.14
Lizenz:	ESV-Lizenz
ISSN:	2196-9817
Ausgabe / Jahr:	4 / 2019
Veröffentlicht:	2019-06-26

Ihr Zugang zum eJournal "PinG Privacy in Germany"

Sie sind bereits Kunde des eJournal "PinG Privacy in Germany" dann melden Sie sich bitte im Kundenlogin an.
Möchten auch Sie Kunde des eJournal "PinG Privacy in Germany" werden, dann bestellen Sie Ihren Zugang noch heute.

Dieses Dokument einzeln kaufen

schnell informieren: downloaden und lesen
auf Wissen vertrauen: geprüfte Fachinformation als PDF
bequem zahlen: Zahlung gegen Rechnung, durch Bankeinzug oder per Kreditkarte

PDF | 6 Seiten
€ 10,06^*
^* inkl. gesetzlicher MwSt.