The original organisation, as Data Controller, is responsible for ensuring that the processing is covered by their Notification. A Data Processor does not have to Notify for this purpose.
The original organisation (Data Controller) is responsible for ensuring that the Processor provides sufficient security and integrity of the data, and that this is evidenced by a contract which specifically states what can and cannot be done with the data.
Nic Drew
DPO
Cardiff & Vale NHS Trust
-----Original Message-----
From: dlwatson [mailto:[log in to unmask]]
Sent: 20 November 2002 13:15
To: [log in to unmask]
Subject: re - outsourcing and compliance
Hi
I wonder if anyone can help:
A number of organisations have outsourced processing the organisation's data and this includes personal data.
My questions are:
* Who is responsible for notification (The original organisation or the outsourcing company)?
* Who should audit the data for continued compliance with the Act (The original organisation or the outsourcing company)?
* Are there any specific responsibilities on the outsourcer?
Many thanks in advance
Best Wishes
David
David Lilburn Watson,
Business Continuity and Risk Management Ltd.
Mob: 07958 214 762 [International + 44 7958 214 762]
Registered in England No. 3403559
Registered Office: 21 St. Thomas Street, Bristol, BS16 6JS
Internet communications are not secure and Business Continuity and Risk Management Ltd. does not accept legal liability for the integrity of the contents of this message. Notwithstanding the above, this email is confidential. The contents may not be disclosed or used by anyone other than the intended recipient. If you are not the intended recipient and receive this email, please immediately contact the sender at the above location.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^