Know your responsibilities as your company’s data controller.
The time to be GDPR compliant is quickly approaching, so now is the time to make sure you understand your responsibilities as your company’s data controller.
With GDPR going into full effect very soon, it is essential for your data controller to understand their role and responsibilities under the new regulation. Data controllers and data processors will be the main people in your company in charge of protecting personal data and enabling data subject rights. These two data leaders in your company will work together to ensure that your company is following the rules of the new GDPR law.
According to the new GDPR law, a data controller is “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.” As the GDPR data controller of your company, here are a few responsibilities of your new role.
Responsibilities of the Data Controller Under the GDPR
The very first responsibility you have in your new role is to ensure that your company is GDPR compliant. With this comes the responsibility of educating the company on GDPR, what it is and how to avoid violating the new regulation. As the Data Controller for GDPR in your company, you oversee the principles regarding the processing of users’ personal data. Not only must you be GDPR compliant when it comes to the new law, but you must also be able to demonstrate compliance.
Two ways to demonstrate this are, first, adhering to a code of conduct and, second, carrying out a DPIA for your data processing activities. A DPIA will allow you to determine whether the purpose and nature of any personal data your company processes require more attention.
According to Article 5 of the new GDPR law, there are six principles of personal data processing that you must be familiar with in order to ensure that you’re in compliance with the new law. As the data controller, you have a responsibility to ensure that everyone in your company is compliant. You yourself must also be able to demonstrate that you are compliant with the six principles relating to the processing of personal data, and how you are compliant. The six principles referred to in Article 5 of the new GDPR law are as follows:
- Lawfulness, Fairness, and Transparency
- Purpose Limitation
- Data Minimization
- Accuracy
- Storage Limitation
- Integrity and Confidentiality
Have Appropriate Measures of Compliance & Data Protection
According to Article 24 of the new GDPR law, the data controller has the following essential responsibilities:
- Implement appropriate technical and organizational measures to ensure that processing is performed in accordance with the GDPR and demonstrate this.
- Implement the proper data protection policies.
- Use specific elements that help to demonstrate compliance, like codes of conduct or pseudonymizing techniques.
Enable GDPR Data Protection Design and Default Principles
As it says in the GDPR, data controllers must be able to demonstrate and prove how they are GDPR compliant. Article 25 takes this a step further: it suggests pseudonymizing techniques as one such measure, and expects controllers to be able to identify how the data protection principles were implemented, to verify that only the personal data needed for each processing purpose was processed, and to document this.
Not only are data controllers responsible for all the above, they will also need to keep records of their processing activities and keep the new law in mind when they begin any new processing activities. As the data controller of your company, it is up to you to get everyone on board with the new regulation and ensure that your company understands the new law, so they don’t violate it. This might seem like a huge responsibility, and it is, but don’t be afraid to tell your company you need extra help because it is essential that they are compliant with this new law before time runs out.