Frustrated man

Explaining Data Controller/Data Processor obligations

Data protection is a complex topic on many fronts filled with often-abstract concepts.

As data protection professionals we need to articulate these concepts into forms  employees can grasp easily.

At Purpose and Means we continually develop one-pagers that can be presented step by step, in your own words, and then circulated to employees afterwards.

A picture speaks a thousand bullet points.

To mark this week's anniversary around GDPR, Purpose and Means is having a ‘Great GDPR Giveaway’ making available for free some of our visual material that you can adapt and make use of in your context.

Today's giveaway is this one-pager that can be used to explain the high-level interactions between a Data Controller and Data Processor.

If you would like a copy of this explainer with animations embedded, drop an email to:

Petruta Pirvan
Tim Clements
May 24, 2023


Other posts

February 24, 2023
Identifying personal data
Tim Clements
February 21, 2023
Records of processing activities (ROPAs)
Tim Clements
February 16, 2023
Data protection impact assessments (DPIAs)
Tim Clements
February 12, 2023
Processing activities
Tim Clements
February 9, 2023
Data protection culture
Tim Clements
February 6, 2023
Operational triggers
Tim Clements
February 2, 2023
Privacy notices
Tim Clements
January 30, 2023
Ways of working
Tim Clements
January 26, 2023
Demonstrating accountability
Tim Clements
January 19, 2023
Ineffective data protection policies
Tim Clements
January 12, 2023
Growing data protection teams
Tim Clements
January 5, 2023
Data protection governance frameworks
Tim Clements
December 15, 2022
The business case for data protection
Tim Clements