- GDPR standards apply to your employer and are fulfilled by its staff
- Your organization can be a controller, a joint controller or a processor
- Ask for internal guidance on how to cooperate and share data with other organizations and third parties

As I mentioned when talking about liability, most data protection norms are binding on your employer. Your organization must implement adequate organizational and technical measures to ensure compliance and to be able to demonstrate it.
No matter what kind of organization yours is (small or large, public or private, for profit or not for profit), under data protection law it can be a data controller, joint controller, processor or further processor.
Typically, your organization is a controller, acting on its own behalf and determining the purposes and means of data processing. Sometimes it becomes a processor, providing services on data entrusted to it by other entities (e.g. storage). Your organization can also be a further processor, supporting data processing carried out by initial processors (e.g. as a sub-subcontractor).
There may also be cases where a process is carried out jointly with another entity. For instance, there is a joint recruitment process for a whole capital group, or one webpage is used jointly by several companies to offer related products (let's say babysitting and fairy tale video rental). Entities that jointly determine the purposes and means of processing are joint controllers.
The same goes for other organizations: if you share data with them, check whether they are separate controllers, joint controllers, or whether there is a controller-processor relationship with your firm. Sometimes you share data with other third parties, who do not always apply data protection law, for instance the general public and people who process data for purely personal purposes. All these roles carry different responsibilities, and your organization should provide you with a clear framework for each type of cooperation.