Explore European Union Legislation by Asking a Legal Question
assisted-checkbox
filter-instruction-1
positive-filters
negative-filters
act-filter tabs-all
parameters-title
query
assisted-checkbox: ✅
result-title
total 3
Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (Text with EEA relevance.) article 87 CELEX: 32018R1725 Processor
1. Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and the legal act establishing the controller and ensure the protection of the rights of the data subject. 2. The processor shall not engage another processor without prior specific or general written authorisation by the controller. In the case of general written authorisation, the processor shall inform the controller of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes. |
Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (Text with EEA relevance.) article 87 CELEX: 32018R1725 3. Processing by a processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller and that sets out the subject matter and duration of the processing, the nature and purpose of the processing, the type of operational personal data and categories of data subjects and the obligations and rights of the controller. That contract or other legal act shall stipulate, in particular, that the processor: (a) acts only on instructions from the controller; (b) ensures that persons authorised to process the operational personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; (c) assists the controller by any appropriate means to ensure compliance with the provisions on the data subject’s rights; (d) at the choice of the controller, deletes or returns all the operational personal data to the controller after the end of the provision of services relating to processing, and deletes existing copies unless Union law or Member State law requires storage of the operational personal data; (e) makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article; (f) complies with the conditions referred to in paragraph 2 and in this paragraph for engaging another processor. |
Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (Text with EEA relevance.) article 87 CELEX: 32018R1725 4. The contract or the other legal act referred to in paragraph 3 shall be in writing, including in electronic form. 5. If a processor infringes this Regulation or the legal act establishing the controller by determining the purposes and means of processing, the processor shall be considered to be a controller in respect of that processing. |