The data subject’s rights, governed by the principle of transparency from the outset, are set forth in Clause 10 and are very similar to those provided for in Article 13 of the GDPR. A new provision is that the parties must establish rules for liability and compensation. Furthermore, regardless of the liability attributed by the GDPR to the exporter of personal data, the rule of joint and several liability applies, so the data subject may file a claim with any of the parties involved.
The contractual clauses contained in European Commission Decisions 2001/497/EC and 2010/87/EU will be repealed as of September 27, 2021. Likewise, an additional 15-month period is established for importers and exporters to stop using the CCTs established in the aforementioned Decisions.
DPO certification is considered a valid and appropriate tool for objectively and impartially assessing the appropriate level of competence to perform the functions entrusted to this entity. ANF AC, as a Certification Entity recognized by ENAC, has the technical competence necessary for DPO certification in accordance with the AEPD Scheme.