The ICO and Seven Shades of Grey

If you’ve nothing to do at lunchtime and you’re an experienced DP person try the ICO quiz on the difference between Data Controllers and Data Processors. You can find it here. After all it’s not a hard quiz. Data Controllers determine the purpose and own the data; data processors just do as they’re told. For years we’ve had this easy to understand relationship and many organisations have outsourced some work involving personal data, drawn up the contract, monitored the performance of it and we all knew where we were. Data Controllers were liable for any problems and Data Processors just did as they were instructed.

Recent guidance from the ICO changes this. Instead of clear yes/no and black/white definitions the commissioner recommends that each relationship with another person processing your data is examined to see how much influence the other person has over how the data is processed. As a result there are no easy answers. Just some shades of grey.

If you are eager to do the quiz and go for it without reading the guidance prepare yourself for a shock. Better DP experts than yourself have taken the test and not performed at all well.

The guidance is well meaning but bends over backwards to accommodate every possible possibility that it’s not that useful.

Image credit www.jimbanks.com

About actnowtraining

Act Now Training Ltd specialise in information law. We have been providing training and consultancy services globally for over 15 years. We have an extensive GDPR course programme from live and recorded webinars, accredited foundation through to higher level certificate courses delivered throughout the country or at your premises. We pride ourselves on having well renowned experts in the fields of Data Protection, Freedom of Information, Surveillance Law and Information Management. All our experts have worked within the public and private sectors and have many years of experience of training and consulting in these areas. Our clients include central government, local authorities, multi-national corporations as well as other public and third sector bodies including schools. Please visit our website to see the range and testimonials of our satisfied clients.
This entry was posted in Data Protection, Data Sharing, ICO, Personal Data, Privacy, Tribunal and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s