by charleslmunger
2837 days ago
From the link:

makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller.

Adherence of a processor to an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as an element by which to demonstrate sufficient guarantees as referred to in paragraphs 1 and 4 of this Article.

You can subcontract, in the same way that any other business has to subcontract with businesses that obey relevant laws. They didn't ignore history or the present - they added new responsibilities to subcontractors, and described requirements for those contracts.

The subcontracting provisions I think are actually very reasonable and well defined. Things like the Right to be Forgotten have other issues around free speech, but the controller -> processor relationship seems pretty well specified.