How Do I Know If I

How Do I Know if I’m a Data Controller or Data Processor?

The impending GDPR operates on a distinction between data controllers and data processors. However, in the real world where complex relationships exist between businesses, such a distinction can be difficult to draw, leading to organisations becoming confused as to what their responsibilities are when it comes to data protection.

To understand the difference between controllers and processors, it is important to first understand what is meant by ‘holding’ personal data and ‘processing’ it. Holding data is relatively self-explanatory: If you possess personal data about others, then you hold personal data. Data processing relates specifically to collecting or manipulating raw data in order to draw meaningful conclusions. For example, if you collected the addresses and household income of residences across the UK and then used the information to categorise the most and least affluent areas, this would be data processing. However, data processing is not limited to this kind of activity and can take many different forms.

In simple terms, a data controller has control over the processing of data, whereas the data processor is the party that actually enacts the process. A data controller decides:

  • To collect the personal data in the first place and the legal basis for doing so
  • Which items of personal data to collect, ie the content of the data
  • The purpose or purposes the data are to be used for
  • Which individuals to collect data about
  • Whether to disclose the data, and if so, who to
  • Whether subject access and other individuals’ rights apply ie the exemptions, and
  • How long to retain the data or whether to make non-routine amendments to the data.

 

A data processor has no say in these decisions, although they may decide:

  • What IT systems or other methods to use to collect personal data
  • How to store the personal data
  • The detail of the security surrounding the personal data
  • The means used to transfer the personal data from one organisation to another
  • The means used to retrieve personal data about certain individuals
  • The method for ensuring a retention schedule is adhered to, and
  • The means used to delete or dispose of the data.

Data controllers and processors are not mutually exclusive, a single organisation may both control and process the same set of data. It is important to know which category your organisation falls into (or if it falls into both) before GDPR comes into play on the 25th of May.

Quest can remove the headache and get your company GDPR compliant without the stress. To book a Free Review, call Jonny on 0844 8797286.

We are offering a Disciplinary Workshop to all businesses to give you invaluable knowledge to help with staff management. Book your place here.

Back to News

Testimonials

Northern Accountants

Sarah and the team at Quest have provided us HR support since January 2013.

Quest Consulting Services provided us with a comprehensive employment structure with contacts and a handbook and have been on hand to help me deal with the occasional issue I have faced with team members through their telephone support service.

As our personal Consultant, Sarah provides a quality, professional and complete service which is great value for money.

Northern Accountants

Off Limits Corporate Events

Sarah has transformed our HR and has introduced systems that have taken lots of hassle away from staffing issues within our company.

We have worked with Sarah and her team for 5 years and in this time our business has grown considerably. With telephone support available for all our Managers as they need it plus Sarah and her team proactively keeping us updated on changes in legislation we are reassured that we are in safe hands.

The HR software that Quest implemented also helps us keep on top of the routine aspects of HR such as holiday bookings, recording absence, holding personnel records which then allows Sarah and her team easy access to give us relevant advice.

Our Managers have also benefited from workshops run by Sarah to help develop their skills on handling issues such as disciplinary, appraisals, recruitment etc….

The support of Quest is invaluable and provides a much more cost effective solution than employing a HR Manager in house.

Off Limits Corporate Events

10 Associates

Why would anybody NOT have Sarah working 'alongside' their business?

I've known Sarah for many years and she's always been there for me and the business when her wealth of knowledge has been called upon.

We have used Sarah and her team to handle our contracts, handbook and Health & Safety and they are readily available on the telephone when needed or on site at our premises.

Highly recommended.

10 Associates

Facebook Posts

Latest Tweets

Latest News

Do you have contractors on your premises?   Do you have contractors working for you? This could be an electrician, gas engineer, roofer,...

Read more >