Compliance Library Blog Product Sign In
GDPR-29-02 Prohibition 29 — Processing under the authority of the controller or processor

Authorized persons instruction compliance obligation

Description

Any person acting under the authority of the controller or processor who has access to personal data must not process those data except on instructions from the controller, unless required to do so...

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Sign In to View

Related Obligations

GDPR-29-01 Prohibition

Processor instruction compliance obligation

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Start your compliance assessment

Map obligations to your AI systems, identify gaps, and generate board-ready reports. Plans start at $149/mo.

Get Started