One of the areas that causes the greatest confusion in Data Protection (and always has) is the definition of a data controller as opposed to a processor. Controllers can use personal data for whatever they choose, as long as this does not infringe GDPR, whereas processors just do as they are told. Any time spent in the DP world will throw up examples of controllers claiming to be processors and vice versa.
This no-nonsense, plain English course will show how to negotiate this difficult territory – tips to spot a processor, risks when contracting out data processing and when you’re likely to be infringing the GDPR but you’ll do it anyway.
How the relationship works
What makes a processor – key criteria to identify them
Managing the risks of outsourcing
Enforcement associated with processors