HR training, conferences, webinars and events
020 7231 5100
Symposium > Model Privacy Notice Data Collection Form
A controller determines the purposes and means of processing personal data - this is likely to be your company.
Data Protection Officer
Under the GDPR, you must appoint a DPO if:
- you are a public authority (except for courts acting in their judicial capacity);
- your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or
- your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.
You will need to conduct an audit of the data you process for employees and replace the model answer below with your own information.
NB "Process" - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.