Obligations of the Data Administrator
Who is the personal data controller?
First, we will provide a definition that will explain who is considered an administrator under the GDPR.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
What are the administrator's obligations?
The GDPR Risk Tracker application gives you the opportunity to receive information about what obligations arising from the GDPR a given user (Administrator) is subject to. This is based on data collected during risk analysis conducted via the system.
Based on the answers provided by the user, he or she receives information about what obligations under the GDPR the Administrator is subject to. The duties in question are:
Obligation to appoint a data protection officer – pursuant to Art. 37 GDPR,
Obligation to keep a register of processing activities - pursuant to Art. 30 section 1 GDPR,
Obligation to conduct a data protection impact assessment (DPIA) – pursuant to Art. 35 GDPR.
In this way, based on the data collected while using the system and resulting from working with our tool, the user (Administrator) obtains ready-made answers and guidelines for further actions.
GDPR Risk Tracker
The GDPR Risk Tracker app once again does the work for the user. By analyzing, assessing and drawing conclusions based on the created methodology, our tool generates a full final report in which the user (Administrator) receives all relevant information and indications for further actions. Once again showing that risk analysis is a comprehensive and multi-stage process carried out entirely by our application.
It is the responsibility of the user (Administrator) to collect data and enter it into the system, based on their knowledge and the answer to the questions asked by the GDPR Risk Tracker application. The remaining activities are the responsibility of our application and the mechanisms embedded in it.