In practice this means the organisation responsible for making decisions about personal data. For example, a bank might collect the data of its clients when they open an account.
Responsibilities of data controllers
All data controllers must comply with certain important rules about how they collect and use personal information.
Some data controllers must register annually with the Data Protection Commissioner, in order to make transparent their data handling practices.
Typical examples are service providers providing outsourced services to the controller such as marketing, accounting and HR services. In so doing, they deal with or store personal information data in accordance with the instructions of the controller.
So, to differentiate the processor from the controller, the bank in the above example would be the controller and the outsourced HR company would be the processor that stores and then uses the customer’s personal data in accordance with the controller’s instructions.
Responsibilities of data processors
Data processors must only process personal data on the instructions of the Data Controller. These responsibilities concern the necessity to keep personal data secure from unauthorised access, disclosure, destruction or accidental loss. In addition all data processors, whose business consists wholly or partly in processing personal data on behalf of data controllers who are required to register, are also required to register with the Data Protection Commissioner as a data processor.
We take GDPR seriously
I’m Ragnar, Director of Hero IT Support. I’m a certified GDPR practitioner and an expert in data compliance:
- 10+ years experience as a company Director
- Software developer
- BSc, Computer Science and Artificial Intelligence
- Directly responsible for data security/transfer/encrytion for our clients
- Business technology advisor and public speaker
- Qualified EU GDPR Foundation level and Practitioner
Expert knowledge of data processing, transfer, storage and collection is essential for the modern day IT Support company.
If you need help in making sense of exactly how GDPR will affect you, take a look at the resources below. I will continue to blog about GDPR as the waters become less murky and the ICO releases more information. You can follow me via the social media links below, or sign up to Ragnar’s GDPR Review email.