With respect to GDPR a business needs to be aware of their role subsequent obligations.
All businesses will in some ways be both a Data Controller (HR Contracts, Payroll, Clients, and Prospects Data etc) as well as a Data Processor.
The definitions of each are;
•“A ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; (Art.4(7))
•‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; (Art.4(8))
The Data Controller and Data Processor are both responsible and liable for ensuring compliance with GDPR. This also includes ensuring any Third Party that maybe instructed by either person s also compliant with GDPR including Cloud based IT suppliers or international Call Centres.
We can help you maintain compliance and ensure that all parties are aware of their Liabilities and processes that need to be implemented including Binding Corporate Rules (BCR) if necessary.
Data Protection Officer
We are here to help you become compliant with GDPR and avoid hefty fines from the Supervisory Authority (ICO) as well as avoid private law suits. We help through; Monitoring Compliance, Provide information, Advice, and Liaise with the Supervisory Authority (ICO for the UK), Work with the Highest level of Management as well as Data Controllers and Processors, Help clients manage risk through Data Protection Impact Assessments (DPIA), Help design and Implement Corporate Policy to ensure Compliance with GDPR, Offer Corporate Awareness Training, Provide Advice, Where Requested, Cooperate and act as a Contact Point with the ICO on your behalf, Help Speak to Data Subjects on your behalf if there is ever an issue with a Data Breach.