Platypus Header

Platypus Innovation Blog

6 October 2017

GDPR Jargon: What is a Data Controllers vs a Data Processor?

The incoming GDPR legislation introduces roles and responsibilities that will affect a great many companies.

A Data Controller is any organisation that collects and uses data about individuals.

E.g. does your company have a mailing list? Then it's a data-controller.

Data-controllers are responsible for using the data correctly (i.e. only as permitted), for not retaining data beyond the agreed purpose,
and for interacting with the individual about their data.

A Data Processor is an organisation that provides data processing facilities -- e.g. databases and computer systems.

They are responsible for how the data is stored, and for providing proper security (and notification of any security breaches).
E.g. MailChimp is a data-processor.

Of course, many companies are both data controllers and data processors.

Good-Loop Unit