The ICO and Seven Shades of Grey

If you’ve nothing to do at lunchtime and you’re an experienced DP person try the ICO quiz on the difference between Data Controllers and Data Processors. You can find it here. After all it’s not a hard quiz. Data Controllers determine the purpose and own the data; data processors just do as they’re told. For years we’ve had this easy to understand relationship and many organisations have outsourced some work involving personal data, drawn up the contract, monitored the performance of it and we all knew where we were. Data Controllers were liable for any problems and Data Processors just did as they were instructed.

Recent guidance from the ICO changes this. Instead of clear yes/no and black/white definitions the commissioner recommends that each relationship with another person processing your data is examined to see how much influence the other person has over how the data is processed. As a result there are no easy answers. Just some shades of grey.

If you are eager to do the quiz and go for it without reading the guidance prepare yourself for a shock. Better DP experts than yourself have taken the test and not performed at all well.

The guidance is well meaning but bends over backwards to accommodate every possible possibility that it’s not that useful.

Image credit www.jimbanks.com

This entry was posted in Data Protection, Data Sharing, ICO, Personal Data, Privacy, Tribunal and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s