Call us now Email a specialist
+353 1 6420100 | info@ward.ie
  • Resources
  • Blogs
  • Why does data processing play a critical role in…

    By Vincent Naughton on August 29, 2017

    A processor is an organisation (can be a natural person) that processes personal data on behalf of a controller. Bearing in mind the expansive definition of processing – any operation carried out on personal data which includes collection, destruction to storage; there are a number of organisations out there that fulfil processing activities. 

    • Insights

      [powr-countdown-timer id=5137ae2d_1491490870751]

      With under nine months to go until the commencement of GDPR, we hope that your organisation is well on its GDPR road of discovery at this stage.
      A processor is an organisation (can be a natural person) that processes personal data on behalf of a controller. Bearing in mind the expansive definition of processing – any operation carried out on personal data which includes collection, destruction to storage; there are a number of organisations out there that fulfil processing activities.  As data protection legislation stands (pre GDPR commencement), the obligations of a data processor are limited and therefore processors may not be aware that GDPR introduces a big change for them as they now have serious obligations under GDPR and become responsible for any breaches they commit under the new regime. Any such breach can result in legislative fines, and/or actions by data subjects that have suffered material or non-material damage as a result of a breach and contractual claims from controllers.
      Although, these obligations may not always have been adhered to in the past, since the introduction of the Data Protection Acts there has been an obligation on controllers to ensure that where data is processed by a processor on behalf of the data controller that there is a written contract in place between the controller and the processor which included certain conditions. These requirements however have been expanded under Article 28 of the GDPR which sets out detailed conditions which must be included in any contract between a controller and processor. It is the obligation of both the controller and the processor to ensure this requirement is met. (There is of course nothing stopping you from agreeing more stringent conditions in the contract – the requirements of Article 28 set the minimum threshold).
      Some processors are only now waking up to the relevance of GDPR to them. This may happen when a controller client at contract renewal is taking a new attitude to the required agreement to be entered into, security audits etc. Remember where you are entering into a one-year contract now it needs to take into account the requirements of GDPR as GDPR will commence during the term of the contract. In entering into a contract for a new service we ourselves have had a processor refuse to sign a data processing agreement in accordance with Article 28 saying “nobody has ever asked us to sign this before”. This required some (free) education for the processor on the requirements of GDPR! For those processors out there who have not yet started their GDPR journey of discovery you need to get your skates on because your GDPR aware controller customers may end up going to your GDPR ready competitors as with so much now at stake under GDPR they will just not be happy to take the chance on you.
      If you require assistance in relation to getting your organisation GDPR ready contact gdpr@ward.ie.
      To keep up to date with what you exactly need to know about GDPR, download our whitepaper here:
       
      [lab_subscriber_download_form download_id=2]

    • Latest Blogs