Need a certification?

Get certified in Information Governance Level 1 (VTQ) for just £19.95 + VAT.

Get Started

Roles within GDPR

Video 8 of 20
2 min 12 sec
English
English
vimeo-icon Watch Using YouTube Player Transcript

Previous video

Data Subject and Personal Data under GDPR

Next video

Lawful Basis for Processing

Data Protection Officer, Controller, and Processor: Overview

Data Protection Officer (DPO)

Role: The Data Protection Officer oversees GDPR compliance.

  • Requirement: Small organizations handling minimal data may not need to appoint a DPO.
  • Appointment Criteria: A DPO is necessary if:
    • You are a public authority.
    • You conduct large-scale systematic monitoring of individuals.
    • You process large-scale special categories of data.
  • Responsibilities:
    • Hold relevant qualifications and detailed GDPR knowledge.
    • Report to top management and be fully involved in data protection matters.
    • Cannot be penalized for carrying out their duties.

Data Controller

Definition: The entity determining the purposes and means of data processing.

  • Examples: Individuals, organizations, companies, agencies, or public authorities.

Data Processor

Definition: The entity processing personal data on behalf of the controller.

  • Examples: Individuals, organizations, companies, agencies, or public authorities.
  • Role: Processes data without decision-making authority.
  • Examples: Accountants handling payroll, online service providers like Salesforce.
  • Distinguishing Factor: Processors do not control or make decisions about the data they process.

Entities can fulfill both controller and processor roles, depending on the context.

Previous video

Data Subject and Personal Data under GDPR

Next video

Lawful Basis for Processing