Sign Up

What is 8 + 4?

Have an account? Sign In Now

Sign In

What is 8 + 4?

Forgot Password?

Don't have account, Sign Up Here

Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

What is 8 + 4?

Have an account? Sign In Now

Please type your username.

Please type your E-Mail.

Please choose an appropriate title for the question so it can be answered easily.
Please choose the appropriate section so the question can be searched easily.

Type the description thoroughly and in details.

What is 8 + 4?

Sign InSign Up

Watercooler by DPOrganizer

Watercooler by DPOrganizer Logo Watercooler by DPOrganizer Logo

Watercooler by DPOrganizer Navigation

Search
Ask A Question

Mobile menu

Close
Ask a Question
  • Home
  • Categories
    • GDPR
    • Privacy Management
    • Professional Development
    • Software tips and tricks
    • Polls
  • Help
  • About Watercooler
Home/ Questions/Q 8494
Next
In Process
Anonymous
  • 0
Asked: November 18, 20212021-11-18T09:45:40+01:00 2021-11-18T09:45:40+01:00In: GDPR

Audit of a Data Processor

  • 0

Our data processor has included the provision to charge us a fee to cover their expense of providing resources to facilitate an audit or inspection that we, as Controller, might wish to do. I’ve not seen this before, has anyone else accepted this from their Processor?

  • 2 2 Answers
  • 0 Followers
  • 0
Answer
Share
  • Facebook

    2 Answers

    • Voted
    • Oldest
    • Recent
    1. lara

      lara

      • 0 Questions
      • 1 Answer
      • 0 Best Answers
      • 1 Point
      View Profile
      lara
      2021-11-25T15:44:13+01:00Added an answer on November 25, 2021 at 3:44 pm

      I have seen similar clauses and have always pushed back as I don’t think either party should pay for the other to comply with its own obligations under the GDPR. I have never had to accept it so far. I agree it is more of a commercial decision but as long as audit rights are limited (e.g. once a year or when there is a data breach rather than unlimited audit right) then it is reasonable to ask that each party bears its own costs.

      • 0
      • Reply
      • Share
        Share
        • Share on Facebook
        • Share on Twitter
        • Share on LinkedIn
    2. Dean

      Dean

      • 0 Questions
      • 41 Answers
      • 0 Best Answers
      • 41 Points
      View Profile
      Dean Silver contributor
      2021-11-18T10:01:32+01:00Added an answer on November 18, 2021 at 10:01 am

      I seen a good deal of contracts where data processors use wording like “at Customer cost, Supplier will”.
      The GDPR is silent on whether a data processor should be paid for assisting with a data controller’s obligations, and especially in the audit right.
      From a data processors perspective, it is a commercial discussion, rather than a data protection question. Will they help with audit, yes, is it going to cost the controller for the processor’s time, yes.

      You can always try to push back, but I’ve added words like, “reasonable” into those clauses and you can even reference to a fee model so that costs don’t spiral.

      • 0
      • Reply
      • Share
        Share
        • Share on Facebook
        • Share on Twitter
        • Share on LinkedIn

    Leave an answer
    Cancel reply

    You must login to add an answer.

    What is 8 + 4?

    Forgot Password?

    Sidebar

    Ask A Question

    Trending contributors

    Smurf333

    Smurf333

    • 11 Answers
    Bronze contributor
    Dave_Wylie

    Dave_Wylie

    • 28 Answers
    Bronze contributor
    CRodica

    CRodica

    • 6 Answers
    Rising star contributor
    Atis

    Atis

    • 4 Answers
    Andrea

    Andrea

    • 15 Answers
    Bronze contributor

    Recent questions

    • Anonymous

      Instagram!!

      • 0 Answers
    • Olga

      DPO in EU and UK

      • 0 Answers
    • Smurf333

      DBS scenario with HR retaining excessive information for longer than ...

      • 0 Answers
    • CRodica

      Parties role towards employees data for administrative purposes

      • 0 Answers
    • Donna

      ‘serious harm test’ for health data

      • 0 Answers

    Explore

    • Home
    • Categories
      • GDPR
      • Privacy Management
      • Professional Development
      • Software tips and tricks
      • Polls
    • Help
    • About Watercooler

    Footer

    Your privacy

    • Cookie notice
    • Privacy notice

    Terms and policy

    • Acceptable Use Policy
    • Terms of Use

    © 2021 DPOrganizer. All Rights Reserved. With Love by DPOrganizer.