When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?
When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?
A data controller cannot avoid liability by requiring the processor to directly notify the appropriate supervisory authority. Under data protection regulations like the GDPR, it is ultimately the responsibility of the data controller to manage and report security breaches to the appropriate authorities. Assigning this duty to the data processor does not absolve the controller from responsibility.
i think it is C
Also agree that it should be C. the responsibility of notifying the Supervisory authority should be the controller, not the processor.
Also agree that it should be C. the responsibility of notifying the Supervisory authority should be the controller, not the processor.