GUIDANCE 1: Controller, Joint Controller, Processor or Secondary Processor?

This guidance is for anyone who wants to understand the different roles played when you are working with others on an activity that involves information about people (personal data).

Read this guidance to understand the different roles played when you are working with others on an activity that involves information about people (personal data).

Roles, responsibilities, and relationships
Before you read the guidance it is important to understand that any entity who is working with personal data is likely to be a controller it its own right when it is working with personal data to achieve its own goals.

However, you need to understand the roles of processors, joint controllers etc. when you start working with other parties to do something with personal data. When this happens, the relationship between yourself and the other parties and the relative roles you play in the specific activity you are working together on need to be defined.

A key consideration is determining which party is deciding on the purposes and manner of the specific processing, and who is working under instruction.

The Bailiwick of Guernsey's independent supervisory authority which regulates data protection legislation. The ODPA protects people by driving responsible use of personal information through helping organisations get it right, deterring harmful information handling, and taking enforcement action against significant non-compliance

Stay informed

Receive regular information and statistics related to our activities and governance

Follow the ODPA

The Office of the Data Protection Authority

+44 (0)1481 742074 info@odpa.gg

Block A, Lefebvre Court, Lefebvre Street, St Peter Port, GY1 2JP

Newsletters sign-up Data Processing Notice Careers Cookies

Website by & Indulge