LexisNexis Practical Guidance®

EU general data protection regulation (GDPR) — Checklist for controller versus processor

   
Introductory note:
The following checklists are adopted from the ICO’s Guide to the GDPR and set out indicators as to whether you are a controller, a processor or a joint controller. The more boxes you tick, the more likely you are to fall within the relevant category.
   
How to use this checklist:
Before using the checklists, it is essential to first establish whether your organisation is actually caught by the GDPR under Art 3, which sets out the extra-territorial test (see Overview — What is the GDPR and when does it apply to Australian organisations?). For example, it is not uncommon for a party (such as a customer) who is based in the EU to attempt to classify an Australian organisation as a “processor” under the GDPR. However, the Australian organisation may in fact be merely a “recipient”, in which case it is not directly caught by the GDPR and the GDPR’s “processor” obligations do not apply to it.
   
Links to related content:
Overview — What is the GDPR and when does it apply to Australian organisations?