Q&As

Is an expert witness a controller or processor of personal data under the General Data Protection Regulation?

read titleRead full title
Published on LexisPSL on 20/03/2019

The following Risk & Compliance Q&A provides comprehensive and up to date legal information covering:

  • Is an expert witness a controller or processor of personal data under the General Data Protection Regulation?

Is an expert witness a controller or processor of personal data under the General Data Protection Regulation?

The question of whether a person or entity is a data processor or data controller will depend on the circumstances of each individual case. The key will be whether the expert witness determines the purposes and means of the processing of personal data (see Practice Note: Key definitions under data protection law—Controller).

The Information Commissioner’s Office (ICO) has published guidance on controllers and processors under the General Data Protection Regulation (GDPR). It explains that:

  1. if you exercise overall control of the purpose and means of the processing of personal data, ie you decide what data to process and why—you are a controller

  2. if you don’t have any purpose of your own for processing the data and you only act on a client’s instructions, you are likely to be a processor—even if you make some technical decisions about how you process the data

The ICO has also published more detailed guidance on controllers and processors. In the context of a professional acting in that capacity, the ICO states:

‘If specialist service providers are processing data in line with their own professional obligations, they will always be acting as the controller. In this context, they cannot agree to hand over or share controller obligations with the client.’

Previous ICO guidance on the position under

Popular documents