I Filed a DSAR with NoybEU. Here's Why.
At some point though, a thought came to me -- what does a good tech stack look like? What kind of benchmark or best practice should I advise clients on? How can data controllers do things in a privacy-preserving way? And so I asked Noyb, CNIL and the Aust
First a little history:
The transparency and accountability principles of Article 5 are important ones. Among them, personal data must be
processed lawfully, fairly and in a transparently;
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
adequate, relevant and limited.
These are part of the obligation of the controller. Also, under Art. 28, controllers have an affirmative duty to ensure that their processors are also follow Article 5 principles (amongst other things). These obligations apply to all controllers governed by the GDPR.
Data subjects have an affirmative right under Article 15 GDPR to ask for access to their personal information (as well as details on how the controller is honoring their obligations under the Regulation).
Okay, so many of you know this, and may be asking: Okay, why is she telling me this?
It's simple: I'm looking for accountability and transparency. In this case, from NoybEU.
10…
Keep reading with a 7-day free trial
Subscribe to Privacat Insights to keep reading this post and get 7 days of free access to the full post archives.