
GDPR for data controllers - What do you need to know?
As a data controller, you have overall responsibility for ensuring that personal data is processed lawfully, securely and correctly - both internally and by your data processors.
This includes being able to document how you meet the GDPR's requirements for security, risk assessment, information and responsibility.
What is a data controller in GDPR?
A data controller is the company or organization that determines the purposes and means of processing personal data - and thus bears responsibility for compliance with GDPR.
What does a data controller need to be able to document?
- Records of processing activities
- Risk assessments and security measures
- Data processing agreements and supervision
- Deletion rules, disclosure and consent
- Dealing with breaches and data subject requests
When do businesses typically need help?
- When GDPR requirements are unclear or difficult to implement
- When there is a lack of resources to maintain compliance
- When customers or partners start asking for documentation
- When the company wants an impartial assessment of its setup
Need practical help?
If you are already under way but need an overview, a sounding board or a specific compliance process, we offer advice tailored to your situation.
Read more about advice for data controllers
Do you need to document your GDPR compliance?
We prepare ISAE 3000 declarations that give you credible and recognized documentation for customers, partners and authorities.
Read more about our declarations here
Tool: Lexoforms
Lexoforms gives you an overview and structure in your GDPR work.
Risk assessments, controls and policies are gathered in one place - giving you a good foundation for both consulting and auditing.
Frequently asked questions (FAQ)
What is the difference between data controller and data processor?
The controller determines the purposes and means of processing, while the processor only acts on instructions.
Do we need to keep records if we process little personal data?
Yes - all controllers must keep records unless the exemption in GDPR Article 30(5) applies. But this is rarely the case in practice.
Is a data processing agreement template enough?
No - the agreement should reflect your actual collaboration and processing. Many companies need help to ensure this.
Contact us - we'll guide you further
Do you have questions about your responsibilities or want an assessment of your GDPR setup as a data controller?
Contact us for a no-obligation chat - we're ready.
Contact Simon
Simon Okkels
Simon Okkels is a Certified Information Systems Auditor (CISA®) - a global certification that guarantees deep knowledge of audit processes, reporting and compliance procedures within IT auditing and IT and information security.
Contact John
John Richardt Søbjærg
John Søbjærg is a state-authorized public accountant with in-depth knowledge of small and medium-sized companies in many industries. He has many years of experience in advising companies and issuing auditor's reports.
Contact Rasmus
Rasmus Lykke Sørensen
We are always ready to meet
Let's have a no-obligation conversation about what you and your business need and what we can offer. Just fill in the fields in the form and we will contact you shortly.
You are also welcome to call us at +45 39 53 50 00 or send an email to


- Employees: 140
- Customers: 3900
- Revenue: +150 million
- Year of establishment: 1986



