|
|
|
|
|
|
by icebraining
3186 days ago
|
|
|
My question is more, what if you don't know it has personal data? Say you're just a generic document storage & sharing service, and someone uploads a generic PDF or Word, but which happens to contain personal data. Surely you're not expect to treat any possible data you receive as personal, just in case? |
|
|
If you're providing a storage service to a business that handles personal data, your a data processor, not a data controller.
If you're the data controller, you need a classification technology that can identify personal data in those documents (amongst other capabilities).
As always, there are exceptions, but that's the general rule.