As experts in data protection, privacy and the GDPR, we wanted to share our knowledge with you to ensure your compliance journey is as simple as possible. With a clear understanding, data protection best practice will become a natural part of your organisation’s way of working - a benefit to you and your business.
So take a look over our GDPR and data protection resources below.
Am I a controller, a processor, or both?
Controllers of personal information are the ones with all the liability under the GDPR, right? Wrong. Processors have obligations under the GDPR too. And then there’s joint controllers as well. They are jointly liable to people who have suffered damage because of a GDPR breach. To confuse matters further, an organisation can be both a controller and a processor at the same time (although not in relation to the same processing activity).
Data controller or data processor? Understanding your responsibilities and risks
Organisations handle personal data in different ways. Some organisations referred to as “data controllers” call the shots, as they decide what the data is for and how it’s used. Others essentially do what they are told; they process the data on behalf of the data controller, and these are known as “data processors”.