The organization should inform the customer if, in its opinion, a processing instruction infringes applicable
legislation or regulation.
- Licensed content not shown -
28.3.h: Article(28)(3)(h): Processing by a processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller. That contract or other legal act shall stipulate, in particular, that the processor: (h) makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller. With regard to point (h) of the first subparagraph, the processor shall immediately inform the controller if, in its opinion, an instruction infringes this Regulation or other Union or Member State data protection provisions.
Art.46: Processing agents must adopt security
measures, both technical and administrative, suitable
to protect personal data from unauthorized access
and accidental or illegal destruction, loss, change,
communication, or dissemination events, or any other
occurrence resulting from inappropriate or illegal
§ 1 The National Data Protection Authority may
determine minimum technical standards for the
purposes of the provisions this Article, considering
the nature of the information processed, the specific.
characteristics of the processing, and the current
state of technology, especially in the case of sensitive
personal data, as well as the principles outlined in
Article 6 of this Law.§ 2 The measures contemplated in the head provision
of this Article must be considered from the phase
of the development of the good or service until its
APA (Australian Privacy Act)
PIPEDA (Personal Information Protection and Electronic Documents Act) - Canada
Personal Data Protection Act - Singapore
Personal Information Protection Act - South Korea