The ICO and Seven Shades of Grey

If you’ve nothing to do at lunchtime and you’re an experienced DP person try the ICO quiz on the difference between Data Controllers and Data Processors. You can find it here. After all it’s not a hard quiz. Data Controllers determine the purpose and own the data; data processors just do as they’re told. For years we’ve had this easy to understand relationship and many organisations have outsourced some work involving personal data, drawn up the contract, monitored the performance of it and we all knew where we were. Data Controllers were liable for any problems and Data Processors just did as they were instructed.

Recent guidance from the ICO changes this. Instead of clear yes/no and black/white definitions the commissioner recommends that each relationship with another person processing your data is examined to see how much influence the other person has over how the data is processed. As a result there are no easy answers. Just some shades of grey.

If you are eager to do the quiz and go for it without reading the guidance prepare yourself for a shock. Better DP experts than yourself have taken the test and not performed at all well.

The guidance is well meaning but bends over backwards to accommodate every possible possibility that it’s not that useful.

Image credit

Author: actnowtraining

Act Now Training is Europe's leading provider of information governance training, serving government agencies, multinational corporations, financial institutions, and corporate law firms. Our associates have decades of information governance experience. We pride ourselves on delivering high quality training that is practical and makes the complex simple. Our extensive programme ranges from short webinars and one day workshops through to higher level practitioner certificate courses delivered online or in the classroom.

Leave a Reply