FAQs

What is the difference between a controller and a processor?

The data controller determines the purpose for which data is being collected, stored and used and the manner and means by which it is being processed.  

‘Controller’ can refer to a natural person, a legal person, authority, agency or other body.
The data processor is the person or persons acting on behalf of the controller, whether internal to a company or accessing and using data as an outsourced service.  

With GDPR the data processor has more responsibility than under the previous directive in terms of security, risks and overall handling of data.

Organisations can be both controller and processor, but usually the processor is a separate entity.

Can I zoom in on the text to get a detailed view of each row?

Yes - go to ZOOM and select your preferred magnification.
Alternatively, use the zoom bar at the bottom right of your screen.

The default view of the GDPR checklist is 60% to provide an easy view of the entire Excel sheet, although this can easily be altered using the methods above.


How will the complete checklist save me time and money?

Beginning the GDPR process can feel overwhelming and it would be easy to waste time and valuable resources working out exactly what you need to do and how you are to go about doing it.
Depending on your company’s current situation and existing arrangements, without the GDPR Checklist you could potentially be starting the whole process from scratch with little in the way of knowledge on how to approach it and no personnel qualified to undertake the task.  

With our product you can get started on the project immediately and avoid wasting valuable resources or incurring the cost of outsourcing the work to expensive compliance professionals.

How will the complete GDPR checklist help my organisation get up to speed with GDPR compliance?

The product has been built to offer the following benefits:
1. It enables you to discover and classify all personal data, the first real step in the GDPR process.
2. It acts as an aid to help you identify protection control gaps.
3. It helps you understand how to protect all personal data through development and implementation of appropriate security controls.
4. It lays the groundwork for you to look at how you can enhance security controls through monitoring, detecting, responding, and reporting on all policy violations and external threats.

In addition, it offers you the opportunity to gain so-called ‘quick wins’ that help you provide evidence and demonstrate you are taking GDPR compliance seriously, by helping you quickly address the key areas:

1. Governance and accountability
2. Roles and responsibilities
3. Update privacy notices
4. Data breach response plan
5. Cyber security
6. Data subject access request (DSAR) procedures
7. Staff awareness training (e-learning)
8. Data deletion

What fines are there for non-compliance with GDPR?

There are two tiers of administrative fines that can be levied, and they are already being issued in practice.
Up to €10 million, or 2% annual global turnover – whichever is higher
Up to €20 million, or 4% annual global turnover – whichever is higher

Recent GDPR Fines:
Country: SPAIN
Date: 2020-12-09
Fine (€): 1,463,000
Controller/Processor: Aleris Sjukvård AB
Quoted Art: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR
Type: Insufficient technical and organisational measures to ensure information security

Country: NORWAY
Date: 2020-12-03
Fine (€): 18,840
Controller/Processor: Municipality of Indre Østfold
Quoted Art: Art. 6 GDPR, Art. 32 (1) b) GDPR
Type: Insufficient legal basis for data processing
Summary: Insufficient technical and organisational measures to ensure information security

Country: UK
Date: 2020-11-13
Controller/Processor: Ticketmaster UK Limited
Quoted Art: Art. 5 (1) f) GDPR, Art. 32 GDPR
Type: Insufficient fulfilment of data subjects rights
Summary: Insufficient technical and organisational measures to ensure information security

Channel Partners
The PanoSec Channel Partners Program is focused on web agencies, technology companies, security VARs, SaaS service providers, business continuity experts and insurance companies who will use PanoSec as part of their security offering to end users.
