To get the most out of implementing GDPR with the help of our toolkit, you will need to spend some time adapting the templates to your own specific organisation, governance, processes, technical infrastructure, IT systems, and applications. We have provided a file in the toolkit with step-by-step instructions how to use the GDPR Templates Kit.
A controller determines the purposes and means of processing personal data.
A processor is responsible for processing personal data on behalf of a controller.
If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.
However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
The GDPR applies more broadly than might be apparent at first glance. Unlike privacy laws in some other jurisdictions, the GDPR is applicable to organisations of all sizes and all industries. Specifically, the GDPR applies to:
processing of anyone’s personal data, if the processing is done in the context of the activities of an organisation established in the EU (regardless of where the processing takes place);
processing of personal data of individuals who reside in the EU by an organisation established outside the EU, where that processing relates to the offering of goods or services to those individuals or to the monitoring of their behaviour.
The EU is often viewed as a role model on privacy issues internationally, so we also expect to see concepts in the GDPR adopted in other parts of the world over time.
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.