The GDPR applies to ‘controllers’ and ‘processors’.
A controller determines the purposes and means of processing personal data.
A processor is responsible for processing personal data on behalf of a controller.
If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach. However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU. The GDPR does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.
This checklist highlights the key steps you can take now to prepare for GDPR, based on advice published by the Information Commissioner’s Office (ICO) – the UK’s independent body set up to uphold information rights.
Digitech Confidential can help you through the preparation for GDPR. We can help you create awareness, run a data audit, update privacy information and much more.
We simply ask you:
I Where is My Data Hosted?
I Who has Access to My Data?
I How Does Your System Allow Us to Obtain and Store Consent?
I How Does Your System Help Me Delete Personal Data?
I How Does Your Organisation Comply With GDPR?
Digitech Confidential offers a comprehensive set of event management solutions, services and expertise that can help support your journey to GDPR readiness.
Our consultants can help you take the steps for compliance.