PDPF Exam Dumps : Privacy and Data Protection Foundation

Verify that the processor has sufficient security guarantees that are essential for the Controller to remain in

compliance with the GDPR. Remember that the responsibility is always of the controller who must take care of the data of the data subjects that have been entrusted to him.

Recital 81 mentions the following:

(81) To ensure compliance with the requirements of this Regulation in respect of the processing to be carried out by the processor on behalf of the controller, when entrusting a processor with processing activities, the controller should use only processors providing sufficient guarantees, in particular in terms of expert knowledge, reliability and resources, to implement technical and organizational measures which will meet the requirements of this Regulation, including for the security of processing. The adherence of the processor to an approved code of conduct or an approved certification mechanism may be used as an element to demonstrate compliance with the obligations of the controller.

The numerous powers of the Supervisory Authority are divided into:

-Investigative powers;

-Correcting powers;

-Advisory and authorization powers.

The investigative powers provided for in Article 58, Paragraph 1 are:

a) To order the controller and the processor, and, where applicable, the controller’s or the processor’s representative to provide any information it requires for the performance of its tasks;

b)To carry out investigations in the form of data protection audits;

c)To carry out a review on certifications issued pursuant to Article 42(7);

d)To notify the controller or the processor of an alleged infringement of this Regulation;

e)To obtain, from the controller and the processor, access to all personal data and to all information necessary for the performance of its tasks;

f)To obtain access to any premises of the controller and the processor, including to any data processing equipment and means, in accordance with Union or Member State procedural law.

Companies have tax obligations to be fulfilled, so financial data cannot be deleted.

The data subject has several rights under the GDPR, however there are limitations. These rights cannot run counter to other specific legislation. In this case, the holder can exercise the right of Opposition instead of Exclusion. In the Right of Opposition, he requests the Controller to cease the processing of his data for non- consented purposes. An example of Opposition: in Brazil there was the website naomeperturbe.com.br, where millions of Brazilians could oppose the inconvenient calls made by the telecommunication service providers.