For any SME, we have established a fixed route with which business leaders learn step by step all aspects of this legislation. In this way, the entrepreneur or the person responsible for the GDPR also knows whether there is data outside the EEA and whether agreements have been concluded with the European Union or if there is a coherence mechanism.

Notaries work with government institutions, with sensitive personal data and process data with joint processors. As a notary you therefore need a DPO. For example, the notary must be informed when he or she is a processor or controller. An HR company processes the data of a notary and can therefore never be responsible. A processor agreement, for example, starts from the notary and not the other way around.

These companies or associations always come into contact with personal data that are easily processed by e-mail, but who has access to this and is the next GDPR processor in order?

Bookkeepers & accountants process personal data and sensitive personal data such as financial data, contact with the government for the processing of tax returns. The purpose and means for processing this data can be determined by their organization or by the provider of a certain application, such as an accounting package. It appears that this accounting package is also connected to a software provider of a CRM or ERP, GDPR guidance will find out who is actually responsible.