Supervision by the controller of the processor's processing of personal data with regard to security measures
The controller, as the responsible party, must be able to demonstrate compliance with the principles of the data protection legislation.
Among other things, this means that the processing agreement or other legal act must state which information system or other technology the processor uses and which technical and organisational security measures it should take.
It is not enough to conclude a processing agreement or to rely on a different type of legal act; the controller must also ensure that the processor actually complies with all the instructions in it.
The need to demonstrate compliance means that the controller must be able to prove compliance, for example through documents and procedures, and be able to demonstrate the effectiveness of the measures that it has decided to apply.