GDPR Roles – Where Does Your Organization Start?
The most common questions we’re hearing related to GDPR have to do with roles – what role does my organization play? Are we a data controller or data processor? Joint controller? Controller-processor? Where should we start in our journey towards GDPR compliance? This can be a confusing aspect of compliance, but GDPR requirements depend on roles, so determining what role your organization plays sets the groundwork for determining which GDPR requirements apply to you.
- Organizational size and structure are irrelevant.
- Processing activity is partially relevant.
- Data source is incredibly relevant.
- Contractual arrangements are completely relevant.
In this webinar, Mark Hinely also outlines a list of questions that should help your organization decide what its role is. Who decides…
- To collect the personal data in the first place and the legal basis for doing so?
- Which items of personal data to collect?
- What methods to use to collect personal data?
- The purpose(s) that the data are to be used for?
- Which individuals to collect data about?
- Whether to disclose the data, and if so, who to?
- Whether subject access and other individuals’ rights apply (i.e. the application of exemptions)?
- How long to retain the data or whether to make non-routine amendments to the data?
- How to store personal data?
- The detail of security surrounding the personal data?
- The means used to transfer personal data from one organization to another?
- The means used to delete or dispose of personal data?
Listen to the full webinar to learn what your organization’s role is and hear Q&A from Regulatory Compliance Specialist Mark Hinely. For more information on GDPR readiness, contact us today.