What is a data subject?

Sep 26, 2019Data Protection & Privacy

Knowing whether you are a data controller, joint controller or processor is important as each role has different obligations.

Data Subjects

Data Subjects

Knowing whether you are a data controller, joint controller or processor is important as each role has different obligations.

Both processors and controllers can be sued by data subjects and the ICO can also take action against both. It is therefore essential that you clarify what your role is, ensuring you keep a record of what data processing functions you are undertaking.

It doesn’t matter how your role is defined in an agreement or what your title is, it is the reality of your situation that is important. If you determine the purposes and means of processing data then you will be considered to be a data controller.

Data Controller GDPR

A data controller under the GDPR is “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”

The 2018 Data Protection Act adds that where personal data is processed owing to a specific enactment, then the person specified in the enactment will be the controller.

Processors are different from controllers; processors act on behalf of, and only on the instructions of, the relevant controller.

Controllers have the highest level of compliance responsibility within an organisation – and they are responsible for the compliance of all processors.

Data Protection Officers (DPO)

DPOs or Virtual Data Protection Officers (vDPOs) are distinct from data processors and controllers. A DPO is a person within an organisation who has responsibility for data processing compliance within that business or organisation. Most large businesses will be required to have a DPO, but some business even where they are not required, often opt to appoint a DPO to ensure proper data protection compliance.

Data Controller Examples

Examples of who might be a data controller are companies, partnerships, self-employed people, and sole traders – therefore the range of businesses that might be a controller are vast including lawyers, accountants, dentists, doctors, supermarkets, building contractors, banks, and other businesses, whether conducted online or not.

Governmental and non-governmental organisations will also be data controllers as will other organisations such as the police, hospitals, schools and local authorities.

Contact Us

Related Articles

Related

What is the GDPR?

What is the GDPR?

You would be forgiven for thinking that data protection regulation only started in 2018 with the introduction of the EU's General Data Protection Regulation (GDPR).Data Protection Law You would be forgiven for thinking that data protection regulation only started in...

read more

Head Office 

Legisia Legal Services

The North Colchester Business Centre

340 The Crescent

Colchester

Essex, CO4 9AD

Cases are conducted nationwide & internationally

Additional consultation Address (Not Postal)

50 Liverpool Street

London EC2M 7PY

Pin It on Pinterest

Share This