The Data Controller is the person or business determining the means and purpose of how data is processed. GDPR establishes greater accountability obligations on the Data Controllers to demonstrate compliance. This may include some of the following requirements:

  • Prepare and maintain relevant documentation

  • Minimise the amount of personal data being processed by implementing data protection by design and by default

  • Perform a data protection impact assessment

  • Provide a fair data processing notice to Data Subjects

The Data Processor is the person or business processing data on behalf of the Data Controller. The Data Processor is subject to different obligations under GDPR. These may include:

  • Maintaining a written record of their processing activities

  • Notifying the Data Controller, in case of a data breach

This information is provided for guidance and cannot be classified as official legal advice. For official direction related to your obligations under GDPR, please speak to your legal counsel.