The General Data Protection Regulation (GDPR) mandates that those who are accountable for processing data within an organization comply with the regulation. According to the GDPR, a controller is “the person, authority, or agency that determines the purposes and means of processing personal data.” A processor is someone who processes data on behalf of the controller. This training video, the fourth in a four-part series on the GDPR, explains the responsibilities of data controllers and data processors.

Viewers learn how one of the responsibilities of overseeing data processing is maintaining a record of processing activities, such as keeping a table to enter data. Under the GDPR’s Article 35, “Data Protection Impact Assessment” controllers must assess whether data is high risk or low risk. Examples of high-risk data include health or religious information.

This course emphasizes the importance of understanding how a company collects and processes data, and how organizations ensure their practices comply with the GDPR. A Data Protection Officer must be appointed if a company is above a certain size or participates in certain type of activities, which is elaborated on within this course. A Data Protection Officer is specially trained to monitor compliance of the GDPR by management and employees. Viewers also learn about reporting violations and the penalties for not reporting data breaches.

Take this important course to learn more about the role data processors and data controllers have in protecting data under the GDPR.

This course is in 4 parts: Part 1 | Part 2 | Part 3 | Part 4