
GDPR DATA CONTROLLER
Data Controller Responsibilities
GDPR Data Controller responsibilities, and the obligations imposed on the supplier / data processor.
The Data Controller is responsible. The DC must:
- Be accountable and demonstrate compliance (Article 27).
- Adopt privacy by design: all new projects are subject to a DPIA, and non-compliances in legacy systems should be designed out (Article 25).
- Appoint a representative in the EU if the controller is not established in a member state (Article 27).
- Exercise due diligence when using a third-party Data Processor (Article 28). Please download the spreadsheet to see an IL7 questionnaire for third-party suppliers (developed for HMG framework agreements).
- Keep records of all processing activities (Article 30).
- Implement appropriate security of processing (Article 32).
- Report a breach to the supervisory authority within 72 hours (Article 33).
- Inform the data subject if the breach is serious (Article 34).
- Conduct Data Protection Impact Assessments (DPIAs) (Articles 35 and 36).
- Appoint a DPO (Articles 37, 38 and 39).