Expert Advice Community

Controller vs Processor roles

Guest user Created: May 17, 2019 Last commented: May 20, 2019

1. What would be better: for the municipality to be one controller for all local self-government, including all subdivisions, departments, schools, etc.? Or would it be more reasonable to define each separately as a controller? In some cases, the school could be a controller, and some departments of the local council work as processors.

Expert
Andrei Hanganu May 17, 2019

Answer:

You cannot choose the role of controller or processor; these derive from the processing activity each party undertakes. In your case, schools, municipalities, police, etc. will be processing data independently for their own purposes, so they will all be independent controllers.

2. Who should be the controller if the school works with some specific education systems that are held by 3rd parties (commercial, i.e.), and the local municipality does not have an idea about that or does not make the decision on whether that is needed or not for the school, but the local municipality pays for such a service to the 3rd party (commerc.)?

Answer:

Same as for question 1.

3. If we specify each separate (by function) department or division (each school, i.e.) as a controller, then the municipality could be specified as a processor. That's so in some relations; in other relations, they could be vice versa.

Answer:

You should stick to the respective municipal body and not go on department, or individual level. The schools are all independent legal entities so they will all be each independent data controllers.

4. What is the praxis or opinions about that? Can it be so, that one subject plays various roles? And where to describe it? In policies?

Answer:

From my experience, the various bodies of local governments, such as the schools, the mayor's office, local police and local hospitals, are all dependent data controllers, as they are processing data independently and for their own purposes.
You can learn more about the difference between controllers and processors and their roles by going through this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

Expert
Andrei Hanganu May 20, 2019

We've received other questions:

> 5. Might the solution be to specify for each party roles (controller/processor/joint controller) defined on specific and explicit functions?
> I mentioned that sometimes the school acts as a controller – the school decides what/why/how to do with some data. But sometimes it acts as a processor – i.e. the state ministry of education forces schools to do something and provides technical resources such as a state database for registering children, etc. – how to be?

Answer:

I still see the school as an independent data controller even if it uses a database provided by the ministry of education.

> 6. Should we state in the Privacy policy that for one (to be specified which one) processing and data categories in this processing the school is a controller, and for another one (also to be specified) the school is a processor on behalf of the noted controller?
> Maybe I am digging too complex or deep?

Answer:

You will need to mention in your Privacy Notice that the data collected by the school will be passed to other independent data controllers.
