GDPR-28-07
Requirement
28 — Processor
Ensure personnel confidentiality commitments
Description
Processors must ensure that persons authorised to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
GDPR-28-01
Data Governance
Use only processors with sufficient guarantees
GDPR-28-02
Requirement
Obtain authorization before engaging sub-processors
GDPR-28-03
Transparency
Inform controller of intended sub-processor changes
GDPR-28-04
Documentation
Establish binding contract with processor
GDPR-28-05
Requirement
Process only on documented controller instructions
GDPR-28-06
Transparency
Inform controller of legal processing requirements
GDPR-28-08
Requirement
Assist controller with data subject rights requests
GDPR-28-09
Requirement
Assist controller with compliance obligations
GDPR-28-10
Requirement
Delete or return data after service end
GDPR-28-11
Transparency
Provide compliance information and audit access
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started