Amendment LIBE #2090

Article 33+

Article 33a Data protection compliance review 1. At the latest two years after the carrying out of an impact assessment pursuant to Article 33(1), the controller or the processor acting on the controller's behalf shall carry out a compliance review. This compliance review shall demonstrate that the processing of personal data is performed in compliance with the data protection impact assessment. It shall further demonstrate the ability of the data controller to comply with the autonomous choices of data subjects in accordance with Article 23a. 2. The compliance review shall be carried out periodically at least once every two years, or immediately when there is a change in the specific risks presented by the processing operations. 3. Where the compliance review results show compliance inconsistencies, the compliance review shall include recommendations on how to achieve full compliance. 4. The compliance review and its recommendations shall be documented. The controller and the processor and, if any, the controller's representative, shall make the compliance review available, on request, to the supervisory authority.

Current Data Privacy Rating is : stronger    Alexander Alvaro Germany ALDE


comments powered by Disqus