LGPD: ANPD Clarifies Role of Controller and Processing Agent

Defining Data Controller, Defining Data Processor, Appointing a Data Protection Officer, Outsourcing, Understanding Enforcement Actions

Controllers are responsible for establishing the rules of processing (e.g., defining purpose of processing, determining the legal basis), while processing agents may define non-essential elements of the processing (e.g., technical means), but otherwise only process the data on the instruction of the controller; employees are not considered processing agents (they act under a controller’s or processing agent’s directive), and both controllers and processing agents are liable for damages (according to their assignment of responsibilities).


Previous Post

HIPPA Records Request: Healthcare Provider to Pay $5000 HHS Fine

Next Post

Privacy Principles: OAS Adds New Privacy and Data Protection Principle

Related Posts