Responsibility: Personal or organisational?

 

With new data protection laws coming into force, does responsibility change: is it personal or organisational? Does responsibility lie with the data controller or the data processor?

Ultimately, your organisation is responsible for the personal data it collects!  If you pass the information you have collected to a third party for processing, you must ensure that the processor treats the data in the same way you would.

If your organisation keeps or processes any information about living people, you are a data controller. If you process personal data but do not have responsibility for that personal data, then you are simply a data processor.

 

What is clear from the new GDPR laws is the increased responsibility on organisations to provide improved levels of consent notification to individuals about their data. The accountability principle (Article 5(2) of the EU GDPR) requires your organisation to demonstrate that you comply with the principles, and states explicitly that this is your organisation's responsibility. "But how can I demonstrate that I comply?" For more information on this and more, our training courses help you find your way.

But what is not clear at first glance are the personal levels of responsibility. Organisations are required to help create a responsible culture; under the GDPR, training staff is strongly recommended as a way of providing proactive education and raising awareness of the individual's responsibilities, which is where our training courses are designed to help you!