CNIL (France) - SAN-2025-015
Content
=== Processing ====== Processing === The dispute concerned the processor's responsibility for implementing adequate security measures, as stipulated in Article 32 of the GDPR. The dispute concerned the processor's responsibility for implementing adequate security measures, as stipulated in Article 32 of the GDPR.
"Regarding the fairness of the procedure:"
"Regarding the fairness of the procedure:"
"Regarding responsibilities:"
"Regarding responsibilities:"
In a second assessment, the Data Protection Authority defined the processor's responsibility. The Data Protection Authority jointly emphasized [[Article 4 GDPR|Article 4(8) GDPR]], [[Article 28 GDPR|Article 28(3)(a) GDPR]], and [[Article 32 GDPR]]. The Data Protection Authority noted that the agreement between the processor and the data controller, as well as the processor's expertise as a software consultancy firm, demonstrated that the processor was responsible for ensuring data security. The Data Protection Authority jointly emphasized [[Article 4 GDPR|ar
This content has been automatically translated using machine translation. The original version is available in the source language.
This content was automatically translated using machine translation. The original version is available in the source language.