The relationship between Data Controllers and Data Processors

The relationship between Data Controllers and Data Processors

Back in the GDPR key terms article  we outlined two key parties: Data Controller Data Processor So who's who? In the relationship be

GDPR and PECR
GDPR Video Series – What’s next, what do I need to know?
Lawful basis for processing personal data

Back in the GDPR key terms article  we outlined two key parties:

  • Data Controller
  • Data Processor

dezrez building

So who’s who?

In the relationship between your estate agency and Dezrez, you are the data controller and Dezrez acts as the data processor.

As the Data Controller, you have responsibility for the data collected and how it is processed

So where does the processor come into things?

As a processor, Dezrez can only act on the instructions of the controller.

So what does the GDPR say?

The GDPR quite simply says when a controller uses a processor there must be a contract in place which covers certain complusory details.

  •  The subject matter and duration of the processing;
  •  The nature and purpose of the processing;
  •  The type of personal data and categories of data subject; and
  •  The obligations and rights of the controller.

It also lists a number of compulsory terms around data processing and security.

server room dezrez

So where is my data held?

Now this depends on which product you use (Dezrez or Rezi). But all data is held within secure data centres  and servers within the European Union.

So what do I need to do?

You’ll see the Contract Addendum drop into your inbox via Docusign over the next couple of weeks. It’s a short document which just outlines the respective responsibilities of the Processor (us) and Controller (you). It’s a standard set of terms and conditions and there’s no other changes to your existing terms and conditions with us.

Its really important that you sign it. It’s a legal requirement for both parties to have this agreement in place. If you have any questions please drop us a line on 0845 465 2222 or email mail@dezrez.com and we’ll endeavour to help.

Disclaimer: This article is based upon our understanding of the General Data Protection Regulation (GDPR).  There are still some aspects of the GDPR which are undetermined or are awaiting guidance from the ICO.  This should not be relied upon as legal advice nor how GDPR may apply to your organisation.  We encourage you to work with a legally qualified professional to understand GDPR, how it applies specifically to your organisation, and how best to ensure compliance.

COMMENTS

WORDPRESS: 0