http://www.legislation.gov.uk/id/eudn/2020/655

SECTION 3DATA PROTECTION OFFICER, CONTROLLERS AND DATA PROTECTION COORDINATORS

Article 7Tasks and duties of a controller

1.

A controller shall ensure that all processing operations involving personal data that are performed within its area of responsibility comply with the provisions of Regulation (EU) 2018/1725 and any other Union data protection provisions applicable to the ECB.

2.

A controller shall ensure that the DPO is informed, without undue delay, of the following:

(a)

any issue that has, or might have, data protection implications;

(b)

any opinion, document, internal policy or internal decision that may impact on the ECB’s data protection compliance, before adoption;

(c)

any personal data breach or other incident concerning data protection;

(d)

any direct interaction of a controller with the EDPS.

3.

A controller, shall, in particular:

(a)

consult the DPO in a timely manner on any activities related to the processing of personal data or any other data protection issues;

(b)

conduct and approve data protection impact assessments in cooperation with the DPO and pursuant to Article 39 of Regulation (EU) 2018/1725;

(c)

comply with any relevant internal policies related to the processing of personal data or any other data protection issues;

(d)

maintain, in cooperation with the data protection coordinators, regularly updated records of processing activities in accordance with Article 31(5) of Regulation (EU) 2018/1725, using the template approved by the DPO.

4.

When assisting the DPO and the EDPS in performing their duties, a controller shall provide full information to them, grant access to personal data and respond to questions within 20 working days of receiving a request.