- Provision of a freely usable CustomGPT prompt for the legal classification of data processing bodies under Swiss data protection law.
- Check is carried out using a decision tree with identification of processing, determination of primary responsibility and criteria for order processing.
- Prompt is separated into instructions and extensive knowledge document due to character limit; additional reference essay by David Rosenthal provided.
A new prompt in our Prompt Library supports the classification of data processing entities as controllers, joint controllers or processors under Swiss law. As usual, the prompt is available from us and can be used freely, and is available as CustomGPT.
The bot guides you through the examination of data protection roles via a predefined decision tree, which includes the identification of the processing and the bodies involved, the determination of primary responsibility, the examination of order processing with four main criteria and three doubtful case rules and the examination of joint responsibility. Constellations such as body leasing are also taken into account.
Because OpenAI limits the instructions of a CustomGPT to 8,000 characters and the complete logic with all questions, options and a template for documenting the result comprises around 10,000 characters at the end, the prompt is split up:
- Instructions (approx. 3,400 characters): Rules of conduct and brief overview; controls how the bot proceeds;
- Knowledge document (approx. 10,000 characters): Complete audit logic, criteria, skip logic and protocol template – controls, what the bot checks.
We have also deposited the publicly accessible essay by David Rosenthal on data protection roles as know-how, Controller or processor: The crucial question under data protection law, in: Jusletter June 17, 2019 (who, of course, assumes no responsibility for our prompt or its use).