I think that if you are satisfied that they are processing a large amount of SCD as part of their core activity, then they would have to provide adequate guarantees about their compliance, including a DPO.
Donald
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Bill Dunn
Sent: 16 November 2017 15:53
To: [log in to unmask]
Subject: [data-protection] Early Friday GDPR Question
Hi all,
I have a query (probably with a very obvious answer but it is just not coming to me) about when a processor is required to have a DPO and what is the responsibility on the controller (if any) to ensure that the processor has one. The situation is - a Council outsources is records storage to an external contractor who provides an EDRMS service. The records relate to a large number of residents in its area and contain special category data about each resident. In terms of Article 37(1)(c), my questions are; does the storage of the information make the provider a processor, is this their "core activity" for that article and so require them to have a DPO, would not having a DPO be an issue in relation to providing sufficient guarantees in terms of Article 28(1) and if so, does this make it the Council's responsibility to ensure that a DPO is appointed or prevent the Council from contracting with the provider?
Does anyone have any views?
Thanks
Bill Dunn
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Securing the future... - Improving services - Enhancing quality of
life - Making best use of public resources.
The information in this email is solely for the intended recipients.
If you are not an intended recipient, you must not disclose, copy,
or distribute its contents or use them in any way: please advise
the sender immediately and delete this email.
Perth & Kinross Council, Culture Perth and Kinross and TACTRAN do not warrant that this email or any attachments are
virus-free and does not accept any liability for any loss or damage
resulting from any virus infection. Perth & Kinross Council may
monitor or examine any emails received by its email system.
The information contained in this email may not be the views of
Perth & Kinross Council, Culture Perth and Kinross or TACTRAN.
It is possible for email to be falsified and the sender cannot be
held responsible for the integrity of the information contained in it.
Requests to Perth & Kinross Council under the Freedom of
Information (Scotland) Act should be directed to the Freedom of
Information Team - email: [log in to unmask]
General enquiries to Perth & Kinross Council should be made to
[log in to unmask] or 01738 475000.
General enquiries and requests under the Freedom of Information (Scotland) Act
to Culture Perth and Kinross should be made to
[log in to unmask] or 01738 444949
General enquiries to TACTRAN should be made to
[log in to unmask] or 01738 475775.
Securing the future... - Improving services - Enhancing quality of
life - Making best use of public resources.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|