• Schreiben Sie uns!
  • Seite empfehlen
  • Druckansicht

On the accountability of the GDPR for EU-based processors

On the 25th May 2018 the General Data Protection Regulation (GDPR) became effective, alongside with – for a rather abstract EU law – an unusually widespread medial echo. This echo was due to the strengthened rights for data subjects under the new legal framework and (potentially) increased fines for companies in case of non-compliance. Beyond data subject’s rights, fines are possible for violations of a number of other provisions as well, for instance on third country transfer, appropriate technical and organizational measures or the involvement of (sub-)processors. The GDPR, however, brings another big revelation; accountability for compliance for both the controller as well as the processor. This accountability in conjunction with the risk of severe fines has led to insecurity of the market participants and sometimes spawned discussions, which have been settled in the past on a national level already. The present article scrutinizes these effects when EU-based processors are involved by non-EU based and not otherwise (cf. Art. 3 GDPR) covered data controllers.

DOI: https://doi.org/10.37307/j.2196-9817.2019.04.14
Lizenz: ESV-Lizenz
ISSN: 2196-9817
Ausgabe / Jahr: 4 / 2019
Veröffentlicht: 2019-06-26
Dokument On the accountability of the GDPR for EU-based processors