Having a basic understanding of the personal data relationship you have with your customers not only helps you comply with data protection laws, but it can also take the pain out of the contract negotiation process.
If there was a breach or a complaint or the data protection watchdog, the ICO, decided to carry out an audit relating to customer related personal data, the first questions it will ask is:
- what personal data does your business process in relation to your customer and/or their customers? and
- whether your business considers itself a data controller or a data processor in relation to that personal data.
Data protection is a very complex area of law, but once you’ve got the basics you will be armed for business life. You don’t need to know everything about data protection, just what it means for your business. Contracts are just one part of the data protection story for any business processing personal data, but they cause a lot of angst when you are trying to get a contract over the line. From a client perspective, for those negotiating themselves or instructing lawyers or having to speak to a lawyer about this stuff can be heavy work.
As well as ticking a very big GDPR box, the pain of negotiations for clients can be seriously reduced by understanding two very important things:
- The true legal meaning of “data controller” and “data processor”
- Understanding the data protection relationship, you have with your customers.
A very common relationship is the data controller – data processor relationship.
In her webinar Bloody Contracts and Data Protection for non-lawyers, Tracey will explain in simple terms the difference between a data controller and a data processor and explain some common scenarios where the data controller- data processor relationship exists and in general what this means for your business. Sign up for free here.
