Appointing Data Controller
"I provide some help to a Horizontal Drilling company in Ireland of around 25 personnel who carry out work for major construction and civil engineering companies in the UK mainland. I am looking at GDPR in the company and consider that they should appoint a Data Controller for GDPR compliance, am I right in my assumption? and if so will they require training considering this is small family company
Assign topic to the user
Every company is at some point a data controller, for common personal data processing operations like hiring, payroll, financial reporting, etc, and its responsibilities are detailed in Article 24 – Responsibility of the controller. If your question is related to Data Protection Officer, the requirements of a company whether to designate a DPO or not are detailed in Article 37 GDPR - Designation of the data protection officer. Namely, a company must designate a DPO if it is a public authority or body, or if its core activities consist of processing operations that require regular and systematic monitoring of data subjects on a large scale; or if its core activities consist of processing on a large scale of special categories of data and personal data relating to criminal convictions and offenses. However, designating a DPO can be seen as a highly-recommended organizational measure to lower the risks related to personal data processing.
If the company decides to designate a DPO, we recommend taking the EU GDPR Data Protection Officer Course on Advisera (link below) and working with the EU GDPR Documentation Toolkit provided by Advisera (link below) that contains all necessary documentation to become GDPR-compliant.
Please also consult these resources:
- EU GDPR controller vs. processor – What are the differences? https://advisera.com/articles/eu-gdpr-controller-vs-processor-what-are-the-differences/
- Key roles defined in EU GDPR: https://advisera.com/articles/key-roles-defined-in-eu-gdpr/
- Article 24 – Responsibility of the controller: https://advisera.com/gdpr/responsibility-of-the-controller/
- Article 37 GDPR - Designation of the data protection officer: https://advisera.com/gdpr/designation-of-the-data-protection-officer/
- EU GDPR Data Protection Officer Course: https://advisera.com/gdpr/processor/
- EU GDPR Documentation Toolkit: https://advisera.com/toolkits/eu-gdpr-documentation-toolkit/
- The role of the DPO in light of the General Data Protection Regulation: https://advisera.com/articles/the-role-of-the-dpo-in-light-of-the-general-data-protection-regulation/
- How to hire the right DPO?: https://advisera.com/articles/how-to-hire-the-right-dpo/
Comment as guest or Sign in
Dec 24, 2022