Is the crucial issue not going to be whether the ALEO uses its professional expertise as a separate entity in deciding what it does with personal data and, in particular, how it does it?
Donald
-----Original Message-----
From: This list is for those interested in Data Protection issues <[log in to unmask]> On Behalf Of Phil Bradshaw
Sent: 30 August 2019 09:58
To: [log in to unmask]
Subject: [data-protection] Wholly owned Company: Controller, Processor or neither?
An NHS organisation sets up a wholly owned management company - essentially for VAT advantages.
Staff employed by the company effectively manage all security tasks including CCTV operation and related tasks for the organisation, but are subject to all of the organisations policies & procedures, and get all guidance and support from the organisations IG team and DPO, together with approval of any procedures and processes.
There are considerable practical difficulties (contract, day to day control, decision making, accountability etc.) in regarding the company, although it is technically an independent legal entity, as either a controller or processor. Is there any reason why the organisation cannot simply regard the company as neither, but as a "person who, under the direct authority of the controller or processor, is authorised to process personal data" - in effect a 'corporate' employee?
That certainly seems to me a better description of the relationship - the company does as its told like any employee but has a measure of independent action in daily tasks.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The information in this email is solely for the intended recipients.
If you are not an intended recipient, you must not disclose, copy, or distribute its contents or use them in any way: please advise the sender immediately and delete this email.
Perth & Kinross Council does not warrant that this email or any attachments are virus-free and does not accept any liability for any loss or damage resulting from any virus infection. Perth & Kinross Council may monitor or examine any emails received by its email system.
The information contained in this email may not be the views of Perth & Kinross Council. It is possible for email to be falsified and the sender cannot be held responsible for the integrity of the information contained in it.
General enquiries to Perth & Kinross Council should be made to [log in to unmask] or 01738 475000.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|