BCS MEMBERSHIP

navigation-membership-member.png

Join the global and diverse home for digital, technical and IT professionals.

CHARTERED IT PROFESSIONAL

navigation-membership-citp.png

CITP is the independent standard of competence and professionalism in the technology industry.

STARTING YOUR IT CAREER

Young Careers

Kick-start a career in IT, whether you're starting out or looking for a career change.

SOFTWARE TESTING CERTIFICATION

navigation-qualifications-swt.png

Over 100,000 professionals worldwide are certified with BCS.

ESSENTIAL DIGITAL SKILLS

navigation-qualifications-skills.png

Improve your digital skills so you can get on in today's workplace.

EVENTS CALENDAR

navigation-events-calendar.png

View all of our upcoming events.

ARTICLES, OPINION AND RESEARCH

navigation-articles-people.png

The latest insights, ideas and perspectives.

IN FOCUS

BCS MEMBERSHIP

CHARTERED IT PROFESSIONAL

STARTING YOUR IT CAREER

SOFTWARE TESTING CERTIFICATION

ESSENTIAL DIGITAL SKILLS

EVENTS CALENDAR

ARTICLES, OPINION AND RESEARCH

IN FOCUS

Responsible for data

Rachel Burnett, a solicitor with her own IT-focused practice, explains the different roles and responsibilities of data controllers and data processors.

In data protection, the 'data controller' is the organisation or individual legally responsible for: determining why and how it should be holding and processing the personal data; following the data protection principles, effectively a code of good practice; and taking decisions about the personal data.

A service provider who processes personal data as part of the services it provides on behalf of the data controller, is defined as a 'data processor'.

For example, in disaster recovery or outsourcing arrangements, the customer will be the data controller and the provider will be the data processor.

The distinguishing feature is that the data processor does not deal with the personal data in its own right.

In carrying out the processing service, the data processor is accountable to the data controller. The data controller therefore remains responsible overall for the processing.

In this relationship between provider and customer, each party has different legal requirements to meet, in order for the processing of personal data to be authorised and lawful.

The data protection principle about security is particularly relevant: 'Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data, and against accidental loss or destruction of, or damage to, personal data'.

There must be a written contract to ensure that the appropriate standards will be applied. It must require the data processor to act only on instructions from the data controller in respect of the personal data, and to guarantee the security of the processing.

Further provisions are advisable so that the data processor will use its best efforts to prevent any unauthorised or unlawful processing or any accidental loss, destruction or damage and to take all reasonable steps to ensure the honesty and reliability of its personnel.

It is up to the data controller to check that the data processor consistently meets the security standards and complies with all its contractual responsibilities.

Supplied by Rachel Burnett, solicitor, Burnett IT Legal Services.

Tags
Business / business change
Article
01 Jun 2007
01 Jun 2007
read
A A A
Share
Share linkedin social media

Similar from BCS

Article

Announcing the BCS Wales Hub

2 days ago
Article

Fighting Financial Crime with GPT

6 days ago
Article

The IT talent pipeline emerging roles and the new skills currency

14 days ago
Article

What is penetration testing?

21 days ago
Most recent