The Information Commissioners Office (ICO) is the independent regulator set up to support data protection and enforce data protection laws in the UK. In the case of a breach of security of personal data it is the organisation’s legal responsibility to report the breach to the ICO.
Data controllers and data processors
The terms ‘data controller’ and ‘data processor’ are related to the organisation or individual who is processing data and the level of responsibility they are subject to.
- Data Controller: A data controller is the decision maker around how and why data is collected and used. This will generally be an organisation.
- Data Processor: A data processor acts upon instruction from a data controller. Generally individuals within organisations are data processors.