|
Post by juthi52943 on Jan 4, 2024 9:55:22 GMT
Administrators main activity In the guide the CNIL specifies how to understand the concept of main activity of the controller pointing out that the main activity of the organization should correspond to its main subject of activity. If the processing of personal data is essential to achieving the organizations objectives then the main activity criterion is met. As an example the CNIL cites a clinic whose main activity is Job Function Email List to provide medical care to its patients. This activity requires the processing of patient health data and in this case the processing of this data should be considered the main activity of the organization. Regular and systematic monitoring Since the concept of regular and systematic monitoring of data subjects is not defined in the GDPR the CNIL guide refers to. The EDPB that regularity should be understood as continuous monitoring or regular cyclical monitoring over a certain period of time. Systematicity on the other hand is understood as part of the strategy occurring in accordance with an established system methodically in a previously planned and organized manner as part of the overall data protection program.
|
|