What Controllers Need to Know about the GDPR

Organizations and companies dealing with the acquisition, storage, and processing of personal information have to comply fully with the General Data Protection Regulation (GDPR) before May 2018. The regulation is stringent and the fines are hefty: anyone found flouting the rules risks a serious penalty. Personal data is a sensitive issue that continually gives rise to complex situations, and proper regulatory frameworks are therefore needed.

GDPR Impact on Controller Profession

The GDPR describes a controller as ‘a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means for the processing of personal data’. The GDPR brings some new obligations to controllers. They are obliged pursuant to Article 30 GDPR to keep a record of the following data:

  1. Your name and contact details as controller, together with those of the data processing officer you have appointed and of the processor, if applicable
  2. The processing objectives
  3. A description of the categories of personal data
  4. The categories of recipients to whom personal data has been or will be supplied, including international organizations or organizations located in third countries
  5. The third country or international organization to which you transferred personal data and the documents concerning appropriate safeguards for governance
  6. The envisaged periods of time within which the different categories of personal data must be deleted
  7. A general description of the technical and organizational security measures

Controllers are not the only ones who are obliged to keep these records. Anyone who supports controllers’ tasks, such as IT professionals, is also required to comply with these rules.

Compliance Drives Business

Controllers, as well as IT professionals, will benefit from the EXIN Privacy and Data Protection program. This certification covers the required knowledge of laws and regulations relating to data privacy and how this knowledge can be used to ensure compliance. It is a well-thought-out, well-structured program that covers GDPR issues for controllers and other personnel in an organization dealing with customer data.