Data Controller and GDPR

• The GDPR applies to ‘controllers’ and ‘processors’.
• A controller determines the purposes and means of processing personal data.
• A processor is responsible for processing personal data on behalf of a controller.
• If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach. 
• However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
• The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

Through working with the ICO we have digitally transformed its online data protection self-assessment toolkit for SMEs and Sole Traders into an updateable online compliance planning application with Google Sheets. The application can also be instantly downloaded and converted to an MS Excel workbook.

• “Work continues on further development of a second version of the SME toolkit. We are also working with a third party, the Outcomes Partnership…” ICO, Business & Industry Sector, Good Practice, Information Rights report P18. 
• “…The GDPR application adds significant additional functionality and integration options to our Data Protection toolkit…” ICO
• “…The ICO will keep The Outcomes Partnership informed of any updates and/or additional requirements that the ICO make to their data protection self-assessment toolkit…” ICO

• GDPR Compliance Planner is designed to be fully interactive with the ICO’s Guide to the GDPR; which is accurate, authoritative and accessible. See Elizabeth Denham’s speech at the Data Protection Practitioners’ conference, Apr 2018.
• “My office has provided tools to guide businesses in their compliance work for GDPR – including checklists so you can assure yourself of the key points in your own thinking.” Elizabeth Denham, Information Commissioner, Dec 2018.
• GDPR Compliance Planner follows ICO best practice! 

• Accountability is one of the data protection principles – it makes you responsible for complying with the GDPR and says that you must be able to demonstrate your compliance. 
• GDPR Compliance Planner is an ideal toolkit to enable your organisation to demonstrate compliance!

• GDPR Compliance Planner data protection system is compliant with ICO requirements and standards. Authorised and Approved by the ICO, Business & Industry Sector, Good Practice Team
• The application adds significant additional functionality and integration options to our SME DP toolkit. ICO, Business & Industry Sector, Good Practice Team
• The ICO will keep The Outcomes Partnership informed of any updates and/or additional requirements that the ICO make to their data protection self-assessment toolkit. ICO, Business & Industry Sector, Good Practice Team
• The application and content is hugely relevant both in our drive to compliance and in a format, that will enable us to clearly demonstrate our compliance with the GDPR. Sole Trader & Self Employed
• As a SME we want to ensure that we are compliant with GDPR. This software has been a massive help in making us aware of exactly what we are required to do and helping us to record evidence of our compliance. SME