Common use of Obligations and Rights of the Controller Clause in Contracts

Obligations and Rights of the Controller. 4.1 The controller is responsible for verifying the validity and suitability of the processor before entering into a business relationship. 4.2 The controller shall carry out adequate and appropriate onboarding and due diligence checks for all processors, with a full assessment of the mandatory Data Protection Law requirements. 4.3 The controller shall verify that the processor has adequate and documented processes for data breaches, data retention and data transfers in place. 4.4 Where the controller has authorised the use of any sub-processor by the initial processor, the controller must verify that similar data protection agreements are in place between the initial processor and sub-processor. 4.5 The controller has the authority to approve any third party in advance of work being carried out by the processer for the purposes of the controller. 4.6 Where the controller has authorised the use of any sub-processor by the initial processor, the details of the sub-processor must be added to Schedule 2 of this agreement.