235.11DPOFederal Council OrdinanceSep 1, 2023Original source
The private controller and its private processor must issue regulations on automated processing if they:
process a large volume of sensitive personal data; or
carry out high-risk profiling.
The regulations must in particular include details of the internal organisational structure, data processing and control procedures and the measures that guarantee data security.
The private controller and its private processor must update the regulations regularly. If a data protection officer has been appointed, the regulations must be made available to the officer.
0 commentaries
No commentaries are available for this article yet.