|
|
|
|
|
|
by ThePhysicist
3019 days ago
|
|
|
The GDPR explicitly states that companies can prove their adherance to best practices using certification (https://gdpr-info.eu/art-42-gdpr/), so it usually would be sufficient to show a certificate from an accredited source to "prove" that data is handled appropriately. Don't forget though that the user also has the right to know which other processors or joint controllers have a copy of his/her data, so companies will have to provide a list with all of the services they use. |
|
|