GDPR & Subscription Businesses: Role of the Data Controller
In this webinar, we discuss GDPR and the role of the Data Controller. The controller determines the purposes for which and the manner in which personal data is processed. As a business if you deal with customer data as part of your normal operations, this will likely be you, so watch this webinar and understand exactly what your obligations are going to be. Presented by our GDPR experts: Lisa Jordan, Head of Legal & Data Protection Officer and Callum Mannix, Product Owner.
What You'll Learn in This Webinar
Data Protection Impact Assessments
Data Protection Impact Assessments (often referred to as DPIAs) are something the Data Controller should be undertaking to evaluate the origin, nature, particularity and severity of risk and enhance their compliance with GDPR.
A single assessment may address a set of similar processing operations that present similar high risks.
As part of this webinar we look at the DPIAs, what is required as part of them and where the Data Protection Officer can help.
What is a Data Controller?
A Data Controller is defined as the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
During the course of this webinar, our experts clearly explain the differences between this role and the Data Processor and what responsibilities lie with the Data Controller.
Compensation, Fines and Penalties
Infringements of certain GDPR provisions shall, in accordance with the administrative fines, be subject to administrative fines up to 20,000,000 EUR, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
If a Controller (or Processor) intentionally or negligently, for the same or linked processing operations, infringes several provisions of the GDPR, the total amount of the administrative fine shall not exceed the amount specified for the gravest infringement.
The eSuite Platform and GDPR
MPP Global has been securing the customer data of the world’s leading publishing, media and retail companies for nearly two decades. We have evolved our platform to meet the stringent requirements of the new GDPR legislation.
eSuite has been PCI-DSS Level 1 compliant for many years, which gave a solid foundation for building out the environment for GDPR compliance. Our team of GDPR experts take a closer look at the features that eSuite offers, which satisfy the interests of a Data Controller.