The responsibility and liability of the controller for any processing of personal data carried out by the controller or on the controller's behalf should be established. In particular, the controller should be obliged to implement appropriate and effective measures and be able to demonstrate the compliance of processing activities with this Regulation, including the effectiveness of the measures. Those measures should take into account the nature, scope, context and purposes of the processing and the risk to the rights and freedoms of natural persons.
GDPR Recital EN
Recital 74
Related across sources
Case Law X v Russmedia Digital SRL, Inform Media Press SRL News OLG Frankfurt am Main - 6 U 81/23 Guidance Version history Guidance Guidelines 01/2021 Guidance Guidelines 8/2022 on identifying a controller or processor's lead supervisory authority Guidance Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Version 2.0 Adopted on 20 October 2020