Common use of Instructions of the Controller Clause in Contracts

Instructions of the Controller. (1) The Controller is responsible for compliance with the relevant data protection provisions, in particular for the admissibility of the data processing and for safeguarding the data subjects' statutory rights, stipulated by the GDPR. Statutory or contractual liability provisions shall remain unaffected. (2) The Processor processes the personal data disclosed by the Controller solely under the instructions of the Controller and within the scope of the agreed services/stipulations. Data must only be corrected, erased or blocked subject the Controller’s instructions. (3) Unless processing of certain personal data is required by law of the European Union or a Member State to which the Processor is subject, the Processor must only process data under the Controller’s instruction. In such a case, the Processor shall inform the Controller of that legal requirement prior to processing, unless that law prohibits such information on important grounds of public interest. (4) The Controller’s instructions require no specific form. Verbal instructions must be documented by the Controller. Instructions must be given in writing or in text form, if the Processor requires it. (5) If the Processor believes that an instruction given by the Controller infringes upon data protection laws, he must inform the Controller of this without undue delay.