GDPR Consulting Services – What does GDPR mean?
GDPR is an acronym for “General Data Protection Regulation”, a regulation that has been approved by the European Parliament, the European Commission and the Council of the European Union with the aim of strengthening and ultimately unifying Data Protection for all persons within the European Union.
Application of the GDPR
The GDPR will apply to personal data. “Personal data” is defined as information relating to an identifiable natural person, known as the “Data Subject”. An identifiable natural person is a person who can be identified either directly or indirectly from information, particularly by reference to an identifier such as an ID number, name and/or location data.
Anonymised data will not be covered by the GDPR and is also currently not covered by the Data Protection Acts within Ireland. The familiar Data Protection terminology of “Data Processors” and “Data Controllers” continues in use within the GDPR.
What is a Data Controller and Data Processor and why are these terms important?
A Data Controller – means a person that determines the exact purposes and the methodology by which the personal data is and will be processed. The ultimate responsibility for Data Protection Compliance rests with the Data Controller.
Negligence is not an excuse for a Data Controller. To process data, a Data Controller must be aware of their responsibilities, and cannot claim indemnification even if they were advised by a separate person to conduct certain activities in a certain way.
Example: Company X receives personal data during its daily activities and stores that information while it is in use. Company X then receives advice from Company Y as to the best method of disposing of the information once it is no longer required. Company X disposes of the information; however, the information is found again and it is found that the method of disposal was not in compliance. Company X will be fully responsible as the Data Controller and will receive the penalties, as the disposal method was not in compliance.
A Data Processor – means a person who processes personal data for a Data Controller. It is the Data Controller who decides the purpose and manner to be followed during the process, and hence holds responsibility, and it is the Data Processor who will process the data. Process means any operation that is conducted upon personal data, including but not limited to collection, storage, consultation, dissemination, erasure and destruction.
Therefore, if a person hires a data processor to conduct a process on their data, it is the ultimate responsibility of the Data Controller to be in compliance. It is the ultimate responsibility of the data controller to be fully aware of the process being conducted and to know that the said process is in full compliance. There is no room for error/guessing.
For further information about our GDPR consulting services and compliance with the GDPR, please contact the team at firstname.lastname@example.org and read our GDPR compliance page.