Back in the GDPR key terms article we outlined two key parties: Data Controller Data Processor So who's who? In the relationship be
Back in the GDPR key terms article we outlined two key parties:
- Data Controller
- Data Processor
So who’s who?
In the relationship between your estate agency and Dezrez, you are the data controller and Dezrez acts as the data processor.
As the Data Controller, you have responsibility for the data collected and how it is processed
So where does the processor come into things?
As a processor, Dezrez can only act on the instructions of the controller.
So what does the GDPR say?
The GDPR quite simply says when a controller uses a processor there must be a contract in place which covers certain complusory details.
- The subject matter and duration of the processing;
- The nature and purpose of the processing;
- The type of personal data and categories of data subject; and
- The obligations and rights of the controller.
It also lists a number of compulsory terms around data processing and security.
So where is my data held?
So what do I need to do?
You’ll see the Contract Addendum drop into your inbox via Docusign over the next couple of weeks. It’s a short document which just outlines the respective responsibilities of the Processor (us) and Controller (you). It’s a standard set of terms and conditions and there’s no other changes to your existing terms and conditions with us.
Its really important that you sign it. It’s a legal requirement for both parties to have this agreement in place. If you have any questions please drop us a line on 0845 465 2222 or email firstname.lastname@example.org and we’ll endeavour to help.
Disclaimer: This article is based upon our understanding of the General Data Protection Regulation (GDPR). There are still some aspects of the GDPR which are undetermined or are awaiting guidance from the ICO. This should not be relied upon as legal advice nor how GDPR may apply to your organisation. We encourage you to work with a legally qualified professional to understand GDPR, how it applies specifically to your organisation, and how best to ensure compliance.