Data processors process data on behalf of the data controller. The existence of a data processor is dependent on decisions taken by the data controller as to how the data should be processed and by whom.
When you are accessing data through a SHIP Safe Haven you will be a ‘data processor’ for the purposes of the Data Protection Act 1998. The data controllers are the SHIP Safe Haven itself, and the original data custodian, as they determine how the data should be processed and by whom.
Under the Data Protection Act 1998 (DPA) it is the responsibility of the data controller to comply with the obligations set out in the Act, which are contained in the data protection principles in Schedule 1. However, it is still essential that you as a researcher are aware of these principles, as adhering to them will ensure that you are handling data responsibly. Indeed, data custodians will usually require you to undertake not to use their data in a way that would breach any of the data protection principles.
The obligations imposed by the DPA are:
You should, however, remember that you may become a data controller over your research output data after your research project is completed. You must therefore be aware of how your legal obligations can change depending on the access and control you have over the data.
Some questions to consider to help you assess whether you are acting as a data controller or processor include: