Data Controller and GDPR

GDPR compliance template

Data protection assurance checklists

Before undertaking our Data protection assurance self assessment checklists, you should first determine whether you process personal data as a “controller” or “processor”. The definition of these two terms can be found in our Guide to the GDPR.

In some instances, you will process personal information as both a controller and a processor. When this is the case, we would advise you complete both checklists.

Controllers checklist

Designed to help you, as a controller, assess your high level compliance with data protection legislation. Includes the rights of individuals, handling requests for personal data, consent, data breaches, and data protection impact assessments under the General Data Protection Regulations.

  • The GDPR applies to ‘controllers’ and ‘processors’.
  • A controller determines the purposes and means of processing personal data.
  • A processor is responsible for processing personal data on behalf of a controller.
  • If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach. 
  • However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
  • The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

Through working with the ICO we have digitally transformed its online data protection self-assessment toolkit for SMEs and Sole Traders into an updateable online compliance planning application with Google Sheets. The application can also be instantly downloaded and converted to an MS Excel workbook.

  • “Work continues on further development of a second version of the SME toolkit. We are also working with a third party, the Outcomes Partnership…” ICO, Business & Industry Sector, Good Practice, Information Rights report P18
  • “…The GDPR application adds significant additional functionality and integration options to our Data Protection toolkit…” ICO
  • “…The ICO will keep The Outcomes Partnership informed of any updates and/or additional requirements that the ICO make to their data protection self-assessment toolkit…” ICO

  • GDPR Compliance Planner is designed to be fully interactive with the ICO’s Guide to the GDPR; which is accurate, authoritative and accessible. See Elizabeth Denham’s speech at the Data Protection Practitioners’ conference, Apr 2018.
  • “My office has provided tools to guide businesses in their compliance work for GDPR – including checklists so you can assure yourself of the key points in your own thinking.” Elizabeth Denham, Information Commissioner, Dec 2018.
  • GDPR Compliance Planner follows ICO best practice! 

  • Accountability is one of the data protection principles – it makes you responsible for complying with the GDPR and says that you must be able to demonstrate your compliance. 
  • GDPR Compliance Planner is an ideal toolkit to enable your organisation to demonstrate compliance!

  • GDPR Compliance Planner data protection system is compliant with ICO requirements and standards. Authorised and Approved by the ICO, Business & Industry Sector, Good Practice Team
  • The application adds significant additional functionality and integration options to our SME DP toolkit. ICO, Business & Industry Sector, Good Practice Team
  • The ICO will keep The Outcomes Partnership informed of any updates and/or additional requirements that the ICO make to their data protection self-assessment toolkit. ICO, Business & Industry Sector, Good Practice Team
  • The application and content is hugely relevant both in our drive to compliance and in a format, that will enable us to clearly demonstrate our compliance with the GDPR. Sole Trader & Self Employed
  • As a SME we want to ensure that we are compliant with GDPR. This software has been a massive help in making us aware of exactly what we are required to do and helping us to record evidence of our compliance. SME

Reviews

  • GDPR compliance

    This is fantastic! It is exactly what I need to manage my compliance

    Thank you for your feedback.

  • You must log in to submit a review.