How to Demonstrate Compliance With GDPR Article 29

Processing Under the Authority of the Controller or Processor

Book a demo

business,team,meeting.,photo,professional,investor,working,new,start,up

GDPR Article 29 requires organisations to only process data on instruction, unless required to do otherwise by a legal authority.

GDPR Article 29 Legal Text

EU GDPR Version

Processing under the authority of the controller or processor

The processor and any person acting under the authority of the controller or of the processor, who has access to personal data, shall not process those data except on instructions from the controller, unless required to do so by Union or Member State law.

UK GDPR Version

Processing under the authority of the controller or processor

The processor and any person acting under the authority of the controller or of the processor, who has access to personal data, shall not process those data except on instructions from the controller, unless required to do so under domestic law.

ISO 27701 Clause 8.2.2 (Organization’s Purposes) and EU GDPR Article 29

From the outset, PII should only ever be processed in accordance with the customer’s instructions.

Contracts should include SLAs relating to mutual objectives, and any associated time scales that they need to be completed within.

Organisations should acknowledge their right to choose the distinct methods that are used to process PII, that lawfully achieve what the customer is looking for, but without the need to obtain granular permissions on how the organisation goes about it on a technical level.

Index of Linked EU GDPR Articles and ISO 27701 Clauses

GDPR ArticleISO 27701 ClauseISO 27701 Supporting Clauses
EU GDPR Article 29ISO 27701 8.2.2None

How ISMS.online Helps

Our pre-built environment allows you to describe and demonstrate how you protect European and UK customer data that seamlessly integrates into your management system.

A breach of GDPR can result in significant fines, making it one of the world’s toughest privacy and security regulations. As a result, it implies that organisations must protect personal data to a ‘reasonable’ extent.

But here’s the good news.

In a secure, always-on location, ISMS.online makes it easy for you to jump right into GDPR compliance and demonstrate a level of protection that extends beyond ‘reasonable’.

Find out more by booking a short 30 minute demo.

ISMS.online is a
one-stop solution that radically speeded up our implementation.

Evan Harris
Founder & COO, Peppy

Book your demo

We’re cost-effective and quick

Discover how that will boost your ROI
Get your quote

Explore ISMS.online's platform with a self-guided tour - Start Now