Controllers Processors in GDPR
HTML-код
- Опубликовано: 26 июн 2024
- Looking to achieve GDPR compliance within your organisation? Arrange a demo and free 14-day trial of Keepabl's award-winning Privacy Management SaaS: bit.ly/3rD4SO5
This fundamental question in GDPR should be straightforward, but it can even get Privacy professionals in knots! In the time it takes to have a cup of tea, we'll clearly set out the differences.
Want more top tips on how to operationalise Privacy at your organisation? Sign up to the Keepabl monthly newsletter: privacykitchen.tv/newsletter
Links:
Keepabl’s Guide & Regulator Checklists on Controllers & Processors
keepabl.com/news/controllers-...
UK ICO’s ‘At a Glance’ Guide to Controllers & Processors
ico.org.uk/for-organisations/...
UK ICO’s Detailed Guide to Controllers & Processors
ico.org.uk/for-organisations/...
UK ICO’s Data Protection Fee
ico.org.uk/for-organisations/...
European Commissioner FAQ on Controllers & Processors
ec.europa.eu/info/law/law-top...
Art 29 Working Party’s 2010 Guidance on Controllers & Processors under the EU’s 1995 Data Protection Directive
ec.europa.eu/justice/article-...
EDPS Guidelines on the Concepts of Controller, Processor and Joint Controllership under Regulation (EU) 2018/1725, November 2019
edps.europa.eu/sites/edp/file...
well done!
Very informative video - thank you. A video on the importance of a written contract under Article 28(3) would be most appreciated.
Great suggestion, thank you for contributing! Yes, we're looking to do a mini-series on Processors in the new year :)
Looking to achieve GDPR compliance within your organisation? Arrange a demo and free 14-day trial of Keepabl's award-winning Privacy Management SaaS: bit.ly/3xbovxU
@PrivacyKitchen I wonder whether you could clarify something for me? Many people have been telling me that a "natural person" i.e. private individual, someone who does not have a business, just a regular Joe, can be considered a Data Controller. I know the DPA quite well but not the GDPR. I would imagine it being highly impractical for private individuals to be classed as Data Controllers but some fairly reliable people have told me this is the case. I can't find anything that validates their opinion.
Thank you Robert! Excellent video. Did you manage to do a more in-depth video about where processors push it?
Thanks Adrian! We've got that scheduled and it's rising to the top of the queue, it's a great topic.
This is really helpful. How does intra-group data processing work? For example. Need more guidance on this pls.
Great topic for a video, thanks Madhvi! It's essentially the same as if each group member is an unknown third party. There's no free passes for group members. If you have BCRs (and wow, only 200 groups have ever had BCDRs approved so you most likely do not have BCRs) then the BCRs set out the rules - still no free pass, the BCR is a chunky set of rules.
Amazing videos, using alongside my study for the CIPP/E exam. Did you get around to doing one on joint controllers?
Many thanks! We've not yet but will do :)
@@PrivacyKitchen great! I'm eagerly anticipating watching. By the way, I successfully passed the CIPP/E exam, and I must say your videos were particularly helpful in certain areas. Thank you! 😊
Congratulations!@@Tola_A
Merci
Tu peux metez les sous-titres en Francais.
Is there any article or case where the data controller has breached or if a data controller didn’t know they were the data controller?!
For sure! Huge numbers of them in terms of controllers in breach. Here's the official EDPB website rounding up regulatory fines on controllers who breached GDPR: edpb.europa.eu/news/national-news_en. In terms of where people didn't know they were the controller, that's quite rare because you're either saying you didn't know GDPR applied (odd if you process personal data) or generally such rulings are where eg a list provider or recruiter says they're a processor (or joint controller or separate controller) - more about having an argument about what role you had.
@@PrivacyKitchen hmm that’s very helpful, let’s use today’s era as an example right, track and trace app for coronavirus. Would you think NHS is a data controller as they determine the why and how for processing personal data with the track and trace app and then the data processsors would be google, apple ect as they are allowing the app to operate on behalf of the controller. Or would you say nhs apple and google are joint controllers. Just tryna get a clear understanding with a current scenario! Any comment would be helpful
@@ajayxo6712 it's all fact specific but at first blush: NHS controller, everyone else it depends on their access to personal data (if no access, no GDPR role) and then their role
@@PrivacyKitchen thank you that is very informative... Facts are everything... In relation to that list and link you gave would you know any case where a company/person did not report a personal data breach but then was found guilty going against article 33(1) gdpr? Thanks in advance