The newly implemented General Data Protection Regulation (GDPR) applies to processing of personal data by “Data Controllers” and “Processors”. GDPR defines Controller and Processor as follows: ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data…” ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller ”

Never before in history have people been better informed about the introduction of a new law than in 2018 when the General Data Protection Regulation (GDPR) came into effect. Most of us were bombarded by emails from large and small companies alike requesting our consent to continue to use our personal data and we have seen no end of articles on the web about what the new legislation requires from businesses as well as our rights as data subjects under the new GDPR.