Giving Data Subjects control over their Personal Information requires that they also have a say in who should have access to their Personal Information. This domain deal with the sharing of Personal Information between a Responsible Party and third party contractors. Third party contractors can either be Operators, Sub-Operators, or Co-Responsible Party’s.

Frequently Asked Questions

  1. Must be a written agreement – section 21(1);
  2. Operator must only process the Personal Information with the knowledge or the authorisation of the Responsible Party – section 20(a);
  3. Operator must treat Personal Information which comes to their knowledge as confidential – section 20(b);
  4. Operator must not disclosed the Personal Information – section 20(b);
  5. Operator must notify the Responsible Party of security compromises – section 21(2);
  6. Consequences of non-compliance for the Operator;
  7. Using of sub-operators.