The following questions are intended for GBG’s global suppliers following the announcement of our intention to become a data controller
A data controller is an entity which, alone or jointly with others determines the purposes and means of the processing of personal data.
A data processor is an entity which processes personal data on behalf of the data controller. Previously GBG considered itself a data processor acting on behalf of its customers and suppliers who are data controllers.
The Information Commissioner’s Office, ICO, is the UK’s independent data protection regulatory authority set up to uphold information rights in the public interest. You can find out about the ICO by clicking ico.org.uk.
GDPR stands for the General Data Protection Regulation (EU) 2016/679 and is Europe’s framework for data protection laws. It is applicable to processing carried out by organisations operating within the EU and it also applies to organisations outside the EU that offer goods or services to individuals in the EU or that monitor the behaviour of individuals within the EU. GDPR was incorporated into UK Law as a result of the Data Protection Act 2018, therefore the UK will retain GDPR after it leaves the EU at the end of 2020.
We are asking all suppliers to sign updated terms to ensure that our contracts accurately reflect the roles and responsibilities of each party.
GBG plans to become a data controller for all its products and services. This is a global roll out over a period of time and we will communicate to you regarding the timeline for changes where your data is used.
No. GBG considers itself and our suppliers each as separate and independent Controllers.
No. The variation to our contract sets out the respective roles and responsibilities of each party including details of any permitted purpose and licencing restrictions that may be applicable to the data you provide to us.
The contract between the parties will set out the roles and responsibilities in relation to responses to subject access requests.