controller

Prevention of security violations of information exchange networks is something that has always been the concern of legislators. This issue is important because in today's era, as an electronic era, breaching the security of information exchange networks leads to information leakage and creating grounds for abuse, which misuse of people's personal information can, sometimes even have destructive effects on biological security or cause the personal assassination of the nationals of a country. The legal system of the European Union in this field includes detailed regulations, among which we can refer to the General Data Protection Regulations approved in 2016. These regulations contain detailed rules in the field of maintaining and preventing information security violations. The main question that this research seeks to answer is, what mechanisms does Article 32 of these regulations contain in order to prevent security violations of information exchange networks? In order to answer the above question, the present research, in a documentary way, by presenting the provisions of the above-mentioned article and analyzing its clauses, the mechanisms determined in this article in the four categories of anonymizing and encrypting personal data, ensuring confidentiality, integrity, availability, and flexibility. processing systems and services, risks (risk) related to information processing and compliance with formal requirements, and in the conclusion part, he tried to provide some policy recommendations, including how to amend the laws and regulations approved in Iran's legal system, informing the people through Mass communication media and systematizing the granting of licenses to the activities of transnational companies as the results of the review of Article 32 of the European Union regulations approved in 2016.

All EU member states are required to have maximum protection over personal data by ratifying the EU General Data Protection Regulation (GDPR). Data processors in order to fully realize these protections are required to comply with various obligations according to these regulations. These obligations are expressed in various GDPR articles for the purpose of effective protection of personal data and data subject persons. It became clear by explaining these obligations from the point of view of European regulations relating to personal data that the Iranian Legal System did not stipulate such obligations and that only the generalities of these obligations can be inferred from various sources of Iranian law, such as the statute laws, the fundamentals of Iranian law, and Jaʿfarī Jurisprudence. It should be noted that these implied significations are insufficient to accurately explain the various obligations of data processors and the transparency of the details of this matter needs to be clarified by the legislator. This research in this regard has provided the proposed provisions regarding various obligations of data processors, including the controller’s liability towards the processing process, the controller’s commitment towards choosing the appropriate processor, keeping records of processing activities, cooperating with supervisory authorities, ensuring the security of processing, informing and servicing the breach of personal data to supervisory authorities and the data subject (relevant persons of data), and appointing data protection officers (DPOs).

comparative study Responsibilities Applicant processing entity, controller and processor Under gdpr and Bill »preservation and protection of personal data«AbstractMany times Institutions that actually or potentially hold people's data Attempt to delegate the processing of data to third parties,The question that arises This is that Assignment processing What kind of service provider CanHelp protect data privacy? Vacuum addressing the definition and responsibility of the processing applicant body It is felt in the GDPR and Bill «preservation and protection of personal data». The applicant body must not only be aware of its primary responsibility, its necessary Differences in responsibilities and obligations Between controller and processor usage Also understand. The comparative review of these roles is under the GDPR and the Bill is very applicable, Regarding Assign controller and processor assignments The bill needs reform, But overall under both regulations Assign services to an independent controller It is more effective for protecting the privacy of individuals and reducing the applicant's obligations.