Procedure of processor in the course of personal data processing

Printer-friendly versionPrinter-friendly versionPDF verziaPDF verzia

Processor may process personal data only in the extent and under the conditions agreed upon with the controller in a written agreement.

What are the basic obligations of the processor

Processor is obliged to process personal data only in the manner pursuant to this Act and within its borders thus causing no harm to fundamental rights and freedoms of data subjects, mainly to their right to preserve human dignity or other unjustified interference to their right of privacy. In the course of processing the processor is obliged to abide:

  • basic obligations of personal data processing thus causing no harm to fundamental rights and freedoms of data subjects, mainly to their right to preserve human dignity or other unjustified interference to their right of privacy (Section 5 Paragraph 1, Section 6 Paragraph 2 point c) to i) and Paragraph 4),
  • obligation to inform the data subject in case of contact; processor is obliged to inform the data subject at any time that he processes personal data on behalf of the controller for defined or determined purpose at the first contact with the data subject (Section 8 Paragraph 7),
  • security of personal data; processor is obliged to elaborate safeguards and security documentation (Section 19 and 20),
  • obligation to instruct his entitled persons (Section 21),
  • obligation to maintain secrecy (Section 22),
  • requirements and relevant obligations for designation of the data protection officer provided that the controller chooses to designate the data protection officer for the execution of personal data processing surveillance (Section 23 to 26),
  • provide cooperation to the Office in the course of executing its tasks pursuant to the PDP Act.

 

Does the processor have any other obligations?

Controller´s obligations stipulated under Section 8 Paragraph 6, Sections 15 to 18 and Sections 28 to 32 can be exercised by the processor, if it was specifically agreed upon in the agreement with the controller. In such case the processor is responsible for fulfilment of these obligations pursuant to this agreement.

 

Desktop version
2018 Office for Personal Data Protection of the Slovak Republic