RF and SC have assessed the situations and will review where it is necessary to conduct one.
Annexes:
Annex A.
Process For Data Protection Impact Assessments.
Annex B
Data protection, privacy and communications policy.
[1] The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
[2] The controller says how and why personal data is processed. Controllers are not relieved of their obligations where a processor is involved. GDPR places further obligations on them to ensure your contracts with processors comply with the GDPR.
[3] The processor acts on the controller’s behalf. GDPR places specific legal obligations on processors; for example, they are required to maintain records of personal data and processing activities.
[4] Controllers must be able to demonstrate that consent was given.
[5] The working party includes the DMA, ISBA and cross-sector data protection and privacy specialist.
Thank you to our supporters at:
Registered in England and Wales No. 08556057
Charity Commission Number 1152978
Telephone us on: 07411 665354
Email us at: [email protected]