Why is it important to determine your role in personal data processing? Controller or processor?
The responsibilities of each company or person in the
processing of personal data depend on whether they are the controller, the
joint controller or the processor. Therefore, it is very important
- responsibilities defined by General Data Protection Regulation (GDPR) and how to perform them;
- responsibilities towards individuals and supervisory authorities;
possible fines related to non-compliance with GDPR;- how to cooperate with other organizations
in order to ensure a responsible processing of personal data and respect of the rights of individuals; - what type of contract to conclude with another organisation or individual.
It is important to remember that an organisation or person
which processes personal data is not
Often companies or persons are unaware of their
role in the processing of personal data. Even more often, they are deliberately
negligent,
7 reasons why the implementation of personal data protection should not be postponed .
Besides the well-known and punitive fines which
1. Reputation risk - the penalties imposed and public information on company data breaches will definitely affect the company's reputation and will bring additional costs.
2. Profit drop - More and more potential clients and partners are choosing to collaborate and transfer their data only
3. Many cases of loss or disclosure of personal data happened because of the negligence and ignorance of one employee of the company, for which the company will be responsible
4. Supply Chain Risk - SMEs are an easy victim of cyber crime and thus a potential entry point to larger enterprise IT systems.
5. Suspension of operations - each supervisory authority has the power to impose a temporary or definitive limitation including a ban on data processing, which means full stop of business activity for certain type of companies.
6. The number of complaints has grown
7. 43% of cyber attacks target SMEs; 60% of small businesses go out of business within 6 months of a cyber attack. Read more