GDPR Requirements
Indicates that the responsible person is obliged to inform all recipients to whom personal data have been disclosed of any rectification, erasure or limitation of the processing of such data. In addition, the data processor is obliged to inform the data subject of these recipients upon request (Article 19).
Resulting Challenge
Changes to personal data must be logged and forwarded to the recipient of the data. Authorized recipients and persons to be informed must be known for this purpose.
Technical Solution Approach
In the backend, a process is necessary that monitors the status of the personal data and maintains a list of authorized recipients for that data. In particular, this process must provide a suitable communication channel for each recipient.
Cheklist:
- Are changes in the processing of personal data monitored?
- Is the transfer of data (e.g. updates) logged and is the recipient noted in the log?
- Will the data subjects be notified in case of any change in processing?