Le responsable du traitement et le sous-traitant ainsi que, le cas échéant, leurs représentants coopèrent avec l’autorité de contrôle, à la demande de celle-ci, dans l’exécution de ses missions.
The controller and the processor and, where applicable, their representatives, shall cooperate, on request, with the supervisory authority in the performance of its tasks.
Dernière version consolidée (Rectificatif, JO L 127 du 23.5.2018, p. 2 (2016/679)). EUR-Lex – 02016R0679-20160504 – FR
The latest consolidated version of the Regulation with corrections by Corrigendum, OJ L 127, 23.5.2018, p. 2 ((EU) 2016/679). Source: EUR-lex.
(EN) ISO/IEC 27701, adopted in 2019, added a requirement additional to ISO/IEC 27001, section 4.2.
Here is the relevant paragraph to article 31 GDPR:
5.2.2 Understanding the needs and expectations of interested parties
The organization shall include among its interested parties (see ISO/IEC 27001:2013, 4.2), those parties having interests or responsibilities associated with the processing of PII, including the PII principals.
NOTE 1 Other interested parties can include customers (see 4.4 ISO 27701), supervisory authorities, other PII controllers, PII processors and their subcontractors.
NOTE 2 Requirements relevant to the processing of PII can be determined by legal and regulatory requirements, by contractual obligations and by self-imposed organizational objectives. The privacy principles set out in ISO/IEC 29100 provide guidance concerning the processing of PII.
NOTE 3 As an element to demonstrate compliance to the organization’s obligations, some interested parties can expect that the organization be in conformity with specific standards, such as the Management System specified in this document, and/or any relevant set of specifications. These parties can call for independently audited compliance to these standards.