The European General Data Protection Regulation (EU GDPR) comes into force in May 2018. Under the new regulation, Care Control is defined primarily as a Data Processor and as such has some specific responsibilities. Most of our clients (Care Service Organisations) would be defined as Data Controllers.

According to Article 4 of the EU GDPR, different roles are identified as indicated below:

Controller – “means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.”

Processor – “means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.”

The changes Care Control have made to ensure that we remain compliant to GDPR are as follows: –