Although it is not an explicit figure in the GDPR, it is found in Article 4 in relation to third parties.
The GDPR states that persons who process personal data under the direct authority of the data controller and the data processor are not considered to be third parties.
The persons authorized to process personal data are all those who, while carrying out their tasks and duties, manage and process personal data.
The concept of data processing is very wide and for this reason, it is essential to correctly manage all the necessary authorizations, both by the data controller and by the data processor.
Within UTOPIA there is a section entirely dedicated to these figures. You can enter information such as the name of the authorized persons, the surname, the TIN and specify for example the tasks performed including the processing activities to which they were authorized.
There are two ways you can manage the authorized persons:
In both cases, go to the Organization chart section of any organization and click the New or Import button.
By clicking the Import button you can:
Remember that each authorized person can also perform more than one job and you can indicate separate them using comma: job 1, job 2, job 3.
While importing UTOPIA performs some checks on the data:
If even one of these conditions is not met, the import will be interrupted and you will have to check the data, fix and reimport it.