What is a data subject?
Knowing whether you are a data controller, joint controller or processor is important as each role has different obligations.
Data Subjects
Data Subjects
Knowing whether you are a data controller, joint controller or processor is important as each role has different obligations.
Both processors and controllers can be sued by data subjects and the ICO can also take action against both. It is therefore essential that you clarify what your role is, ensuring you keep a record of what data processing functions you are undertaking.
It doesn’t matter how your role is defined in an agreement or what your title is, it is the reality of your situation that is important. If you determine the purposes and means of processing data then you will be considered to be a data controller.
Data Controller GDPR
A data controller under the GDPR is “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”
The 2018 Data Protection Act adds that where personal data is processed owing to a specific enactment, then the person specified in the enactment will be the controller.
Processors are different from controllers; processors act on behalf of, and only on the instructions of, the relevant controller.
Controllers have the highest level of compliance responsibility within an organisation – and they are responsible for the compliance of all processors.
Data Protection Officers (DPO)
DPOs or Virtual Data Protection Officers (vDPOs) are distinct from data processors and controllers. A DPO is a person within an organisation who has responsibility for data processing compliance within that business or organisation. Most large businesses will be required to have a DPO, but some business even where they are not required, often opt to appoint a DPO to ensure proper data protection compliance.
Data Controller Examples
Examples of who might be a data controller are companies, partnerships, self-employed people, and sole traders – therefore the range of businesses that might be a controller are vast including lawyers, accountants, dentists, doctors, supermarkets, building contractors, banks, and other businesses, whether conducted online or not.
Governmental and non-governmental organisations will also be data controllers as will other organisations such as the police, hospitals, schools and local authorities.
Contact Us
Related Articles
Related
Deletion of Absolute & Conditional Discharges
What can you do about an absolute discharge once you receive one, and what are the implications of an absolute discharge and also a conditional discharge? Is it possible to have an absolute or a conditional discharge deleted from the PNC or is it only possible to...
What is the meaning of processing of personal data?
Processing therefore is an extremely broad concept and covers pretty much anything that can be done to personal dataProcessing of personal dataProcessing of personal data Article 4(2) of the GDPR defines data processing as: any operation or set of operations which is...
What is a relevant filing system?
Data protection regulation does not just apply to electronically processes personal data, but is applies in certain circumstances to paper based, manual, filing systems - previously know as "relevant filing systems" under the Data Protection Act 1998.Filing...
Deletion of Absolute & Conditional Discharges
What can you do about an absolute discharge once you receive one, and what are the implications of an absolute discharge and also a conditional discharge? Is it possible to have an absolute or a conditional discharge deleted from the PNC or is it only possible to...
What is the meaning of processing of personal data?
Processing therefore is an extremely broad concept and covers pretty much anything that can be done to personal dataProcessing of personal dataProcessing of personal data Article 4(2) of the GDPR defines data processing as: any operation or set of operations which is...
What is a relevant filing system?
Data protection regulation does not just apply to electronically processes personal data, but is applies in certain circumstances to paper based, manual, filing systems - previously know as "relevant filing systems" under the Data Protection Act 1998.Filing...
What is the GDPR?
You would be forgiven for thinking that data protection regulation only started in 2018 with the introduction of the EU's General Data Protection Regulation (GDPR).Data Protection Law You would be forgiven for thinking that data protection regulation only started in...
Head Office
Legisia Legal Services
The North Colchester Business Centre
340 The Crescent
Colchester
Essex, CO4 9AD
Cases are conducted nationwide & internationally
Additional consultation Address (Not Postal)
50 Liverpool Street
London EC2M 7PY