Management Hierarchy & Responsibilities

The Landlord (Data Controller) & Guarding Service Provider (Data Processor) are jointly responsible for compliance with UK Data Protection legislation although the Landlord may appoint a Managing Agent to act as Data Controller.

However the Data Controller is responsible in law to ensure that a Service Level Agreement is in place with * Data Processors. This agreement should define responsibilities and management procedures for the Data Processor to follow.

It would not absolve the Data Controller of its responsibilities were it to rely on the Guarding Service Providers processes and documentation, despite this Data Controllers frequently expose themselves to risk by  leaving their Guarding Service Provider to employ their own methods and documentation.

Data Controller: Landlord or Managing Agent

The Data Controller may be either the Landlord or Managing Agent who must provide Policy and Process Management Systems for its staff and Data Processors to follow. Furthermore, the Controller must ensure that Service Level Agreements with Processors include compliance responsibilities.

Joint Data Controllers

If organisations decide to act as joint data controllers responsibilities must be clearly defined otherwise the situation could be confusing for the various stakeholders.

Data Protection Officer: Reporting to the Board of Directors

The Data Controller should consider appointing an individual responsible for Data Protection compliance and reporting directly to the Board of Directors.

Lead Data Processor: Landlord as Data Controller

In the case that the Landlord is the Data Controller the Managing Agent will act as Lead Data Processor. All other Data Processors such as Guarding Service Providers are subordinate to the Managing Agent who is responsible for dissemination of the Controllers Policy & Procedures reporting to and obtaining authorisation from the Controller for the release of data.

Data Manager: Employed by the Landlord or Managing Agent

This would normally be the individual employed by the Landlord or Managing Agent as Facilities or Building Manager and responsible for implementation and management of the Data Controllers Policy and Procedures. In the case that the Landlord acts as Data Controller the Data Manager will be responsible for obtaining the Landlords authority for the release of data.

Data Processors: Guarding & Systems Service Providers

Responsible as directed by the Data Controller for the day to day management of systems that process Personal Data, and subordinate to the nominated Data Manager.

Independent Auditor: VeriFi

Responsible for data management audit and privacy impact assessment, reporting directly to the Data Controllers nominated person responsible for Data Protection.

Why not get in touch and see how we can help?

We’re ready to lead you into the future of Computer Aided Security Management, get in touch with us today and find out how easy it can be to ditch those inefficient paper records

Get in touch