Expert Advice Community

Guest

Scope as a data controller

  Quote
Guest
Guest user Created:   Apr 13, 2021 Last commented:   Apr 14, 2021

Scope as a data controller

Hi, so I want to ask that we are a UK based company with office in asia, who provide saas solutions. Now in terms of the products that we offer we shall be a data processor. I am still not clear on our responsibility of data where we would be acting as a data controller, for example we would be acting as DC for
1. our employee data
2. any data we gather through cookies
3. contact information gathered through contact us forms on our website
4. supplier data (if any is based in uk or EEA)
5. customer data in regard to sales and contracts (incase we have european or uk based customers)

Is this correct ?

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Apr 14, 2021

Yes, it is correct, you listed the cases in which your company will act as a data controller. In these cases, in fact, you decide the purpose and means of data processing: the management of the employment relationship, your website, the relationship with your clients, and your suppliers. On the contrary, your app provides a service that other companies (your clients) will use, so all data that you will collect and process through your SaaS will be processed on behalf of your clients, which is the definition of a data processor.

As a data controller, you are responsible for fair, transparent, and correct data processing, you need to provide information about your processing, collect consent and guarantee that data subjects can exercise their rights. You need to comply with all obligations that the GDPR requires the controller to comply with as stated in Article 24 GDPR.

Here you can find more information about the distinction between the data controller and data processor:

If you want to learn how to comply with EU GDPR requirements you may consider enrolling in our free training EU GDPR Foundations course: https://training.advisera.com/se/eu-gdpr-foundations-course//

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Apr 13, 2021

Apr 14, 2021

Suggested Topics

Guest user Created:   Sep 30, 2020 EU GDPR
Replies: 1
0 0

GDPR Privacy querries

Guest user Created:   Aug 12, 2021 EU GDPR
Replies: 1
0 0

DPIA’s and Clients' data