Data Protection Officer, Controller, and Processor: Overview

Data Protection Officer (DPO)

Role: The Data Protection Officer oversees GDPR compliance.

  • Requirement: Small organizations handling minimal data may not need to appoint a DPO.
  • Appointment Criteria: A DPO is necessary if:
    • You are a public authority.
    • You conduct large-scale systematic monitoring of individuals.
    • You process large-scale special categories of data.
  • Responsibilities:
    • Hold relevant qualifications and detailed GDPR knowledge.
    • Report to top management and be fully involved in data protection matters.
    • Cannot be penalized for carrying out their duties.

Data Controller

Definition: The entity determining the purposes and means of data processing.

  • Examples: Individuals, organizations, companies, agencies, or public authorities.

Data Processor

Definition: The entity processing personal data on behalf of the controller.

  • Examples: Individuals, organizations, companies, agencies, or public authorities.
  • Role: Processes data without decision-making authority.
  • Examples: Accountants handling payroll, online service providers like Salesforce.
  • Distinguishing Factor: Processors do not control or make decisions about the data they process.

Entities can fulfill both controller and processor roles, depending on the context.