SAFECommunity Interest Company
Safer Activities For Everyone CIC
Unit 10, Progress Way • Mid Suffolk Business Park • Eye • IP23 7HU • 01379 871091 • help@safecic.co.uk
Products and Services
Membership
and the SAFE award
Other Training
and Events
News
Our Clients
About Us

GDPR and SAFEcic

GDPR and SAFEcic customers;

As our original data protection systems were already more robust than required, few SAFEcic clients will notice any change at all. Please follow this link for our Privacy Policy

How does the GDPR define SAFEcic's role?

When an organisation purchases SAFEcic products or services, some personal data will need to be shared between that organisation and SAFEcic. GDPR defines BOTH the purchaser and SAFEcic as “Joint Data Controllers”.*

As Joint Data Controllers, it is the responsibility of each Data Controller’s organisation to ensure its’ own compliance with GDPR and the Data Protection Act 1998. A public commitment to compliance such as The SAFEcic Privacy Policy is seen as sufficient for each organisation to show due diligence in ensuring the other is compliant. **

Written Contract? Not required with SAFEcic.

This page on the ICO website states that a written contract is needed in some circumstances:

“Whenever a controller uses a processor it needs to have a written contract in place.”

Having read this, some of our clients are asking; “Does my organisation need a written contract with SAFEcic?”

The answer to this question is no, because SAFEcic is always defined as a “Data Controller” rather than a “Data Processor”.

What is the difference between a "Data Controller" and a "Data Processor"?

a) A “Data Controller” has responsibility for how any data is processed and stored (including selecting any software used), how long that data is kept and how the data should be disposed of when that period expires.

b) A “Data Processor” has none of these responsibilities. Therefore a written contract is required to guarantee that the “Data Processor” behaves entirely in accordance with the instructions of the “Data Controller”.***

*See Article 26 of the GDPR “Joint Controllers”.

**See ICO “Data Sharing Code of Practice”.

***See ICO “Data Controllers and Data Processors”

You are here: Home Support GDPR and SAFEcic