The PSAPs, including eCall PSAPs, shall be regarded as F1controllers within the meaning of F2Article 4(7) of the GDPR. Where the eCall data is to be sent to other emergency control centres or service partners pursuant to Article 3(5), the latter shall also be considered as F1controllers. F3The Secretary of State shall ensure that the processing of personal data in the context of the handling of the eCalls by the PSAPs, the emergency services and service partners is carried out in accordance with F4the data protection legislation and provision made by or under an enactment in implementation of Directive 2002/58/EC, and that this compliance is demonstrated to the national data protection authorities.

In particular, F5the Secretary of State shall ensure that personal data are protected against misuse, including unlawful access, alteration or loss, and that protocols concerning personal data storage, retention duration, processing and protection are established at the appropriate level and properly observed.