Get Free Downloads
Start your GDPR today in just a few clicks
Get Free Downloads
Start your GDPR today in just a few clicks

Are You A Controller Or Processor?

by Adam Brogden
in Blog

12-Dec-2018 09:40

This is a fundamental question and the basis of much of your approach to GDPR. The ICO has just issued new guidance on this which is definitely worth checking out. Want to know which you are? Try this:

  1. Do you collect the data on your website, application form, computer system?

  2. Do you store the data on your own servers, cloud-based storage system, effectively in your database?

  3. Do you decide how the data is processed? The forms, processes, algorithms used? Even if someone else does this processing on your behalf?

  4. Do you decide when to delete the data?

  5. Would you expect to answer any questions about a person's’ data? For example, to respond to a SAR?

If the answer to these is mainly ‘Yes’ then you are the Controller, but if you process the data on behalf of your customer or other third party then you are probably a Processor.

The responsibilities for the Controller and Processor are different and the difference in VERY important so understanding which of these applies. In some cases you may even be a Joint Controller, for example if you are an Accountant, Bookkeeper, Lead Generation company etc…, in these cases even if you are working for a client you are effectively deciding how the data should be processed and as such become the Joint Controller.

If you are not sure please feel free to call to discuss! This is absolutely fundamental and choosing the wrong option could lead to huge problems!

For more information, take a look at the latest ICO info on the ICO website.

Good luck all.