Inspiring Business by Sharing Success

Attend the FREE information session on GDPR at the Love Business Expo, Thursday 22 February, 1.45pm - 2.45pm

From May 2018 organisations must be compliant with the General Data Protection Regulation (GDPR).

Register now to attend the FREE GDPR workshop Getting Ready for GDPR - 13:45-14:45 at Love Business


As the count down begins we can already see many organisations making changes to the way they are using their data.

There is plenty of help out there and a great place to start is with the Information Commissioners Office, their '12 steps to take now' booklet is packed with advice and is available as a PDF.

"Firms that don’t adopt the appropriate protections leave themselves open to tough penalties."

Dr Adam Marshall, Director General of the British Chambers of Commerce.

Download here!


In the PDF, there’s a checklist which highlights steps that could, and should be implemented immediately. Helpfully, the ICO also point out that while companies complying properly with current regulations will be able to use their existing approach, every business should guard against complacency. Some of the regulations are new and others feature significant enhancements to the existing rules.

Are you a data controller or data processor?

The ICO suggests organisations establish their roles before processing commences to ensure there are no gaps
in organisations’ responsibilities. An example they provide to explain this is ABC organisation engages a company which provides business services to administer its employee payroll function. The organisation also engages a marketing company to carry out a satisfaction survey of its existing customers.

Register now to attend the FREE GDPR workshop Getting Ready for GDPR - 13:45-14:45 at Love Business

The ‘Payroll Provider’ will need information about ABC Organisations employees.






Both ‘Paroll Services’ and ‘Satisfaction Marketing’ will be processing the information on behalf of the organisation, and so they are both data processors in the senario above.
However, they will also be processing personal data about their own employees and, in respect of that personal data, they will be data controllers.


The Marketing Provider will need information about ABC Organisations customers.






Data Controller

Data Processor

Under the Act, it is the data controller that must exercise control over the processing and carry data protection responsibility for it. The data controller determines the purpose for which data is processed. Data controllers remain responsible for ensuring their processing complies with the Act, whether they do it in-house or engage a data processor.

The ‘data processor’ processes data on behalf of the
data controller. Data processors are not directly subject to the Act. However, most data processors, if not all, will be data controllers in their own right for the processing they do for their own administrative purposes, such as employee administration or sales.

© 2018 Love Business

Register now to attend the FREE GDPR workshop Getting Ready for GDPR - 13:45-14:45 at Love Business

< Back