The incoming GDPR legislation introduces roles and responsibilities that will affect a great many companies.
A Data Controller is any organisation that collects and uses data about individuals.
E.g. does your company have a mailing list? Then it's a data-controller.
Data-controllers are responsible for using the data correctly (i.e. only as permitted), for not retaining data beyond the agreed purpose,
and for interacting with the individual about their data.
A Data Processor is an organisation that provides data processing facilities -- e.g. databases and computer systems.
They are responsible for how the data is stored, and for providing proper security (and notification of any security breaches).
E.g. MailChimp is a data-processor.
Of course, many companies are both data controllers and data processors.
No comments:
Post a Comment