Who does the GDPR apply to?
The new regulation applies to ‘Data Controllers’ and ‘Data Processors’ of ‘personal data’ collected by organisations who are operating within the EU, or to organisations outside of the EU that offer goods or services to individuals within the EU. The GDPR 2018 will place specific legal obligations on Controllers and Processors.
Under the GDPR, a Data Controller is an individual, organisation or body of persons who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. A Data Processor, in relation to personal data, means any person (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller.
As per the definitions supplied by the Information Commissioner’s Office (ICO), Eurostop’s clients are the Data Controller, and Eurostop acts as a joint Data Processor. Eurostop will only process customer data under written instruction by its Clients.
As a solution supplier, Eurostop provides a solution to securely store personal data, and which can facilitate processing of that data. Eurostop’s system solution provides facilities for the client themselves to act on the data to carry out necessary tasks on the data.
For example
- Delete any personal data, as per their customer’s request
- Export personal data in a portable format, as per their customer’s request
Eurostop also provides support services to its clients; where the need arises for Eurostop to process data on behalf of the client, Eurostop will require a written instruction to proceed with processing, and will then execute that in a manner compliant with the GDPR regulations.