- Understanding your role in relation to the personal data you are processing is crucial in ensuring compliance with the UK GDPR and the fair treatment of individuals.
- Your obligations under the UK GDPR will vary depending on whether you are a controller, joint controller or processor.
- The Information Commissioner’s Office (ICO) has the power to act against controllers and processors under the UK GDPR.
- Individuals can bring claims for compensation and damages against both controllers and processors.
- You should take the time to assess, and document, the status of each organisation you work with in respect of all the personal data and processing activities you carry out.
- Whether you are a controller or processor depends on several issues. The key question is – who determines the purposes for which the data are processed and the means of processing?
- Organisations that determine the purposes and means of processing will be controllers regardless of how they are described in any contract about processing services.
