These are three linked courses on the same day about dealing with third parties – you can book all three for a discount or take your pick from the three.
One of the areas that causes the greatest confusion in Data Protection (and always has) is what it means to be a joint controller. How does it differ from disclosing data to another controller or dealing with a processor? What are the risks that you need to be aware of? On this brisk, practical session, we’ll cover all the important issues.
- How do you work out whether you’re joint controller with another organisation?
- Do we need a data sharing agreement and what should go in it?
- How do we deal with rights requests and breaches?
- Who is liable when something goes wrong?
Controllers vs Processors
One of the areas that causes the greatest confusion in Data Protection (and always has) is the definition of a data controller as opposed to a processor. Controllers can use personal data for whatever they choose, as long as this does not infringe GDPR, whereas processors just do as they are told. Any time spent in the DP world will throw up examples of controllers claiming to be processors and vice versa. This no-nonsense, plain English course will show how to negotiate this difficult territory – tips to spot a processor, risks when contracting out data processing and when you’re likely to be infringing the GDPR but you’ll do it anyway.
- How the relationship works
- What makes a processor – key criteria to identify them
- Managing the risks of outsourcing
- Enforcement associated with processors
Disclosure (you probably call it data sharing)
Data sharing is often perceived to be the most complex and difficult of GDPR issues, but the legislation doesn’t see disclosure as being any different to other forms of processing. There are pitfalls, especially if the data will be re-purposed or where you might need to disclose confidential or sensitive data. This a practical, plain English guide to ensuring that disclosures are lawful and justified – as well as details of how the DPA exemptions apply and what the rules are for special categories data, the course also covers data sharing agreements, data processors and disclosures across international boundaries.
- Why is data sharing the wrong name for it?
- Key data sharing risks
- Justifying sharing with third parties
- Enforcement and court cases involving data sharing