Categories: All - controller - data - privacy - model

by skrypt K 6 years ago

Pridevops

In the realm of data management, understanding the roles and responsibilities of different entities is crucial, particularly under regulations like GDPR. The Data Controller is the main entity responsible for determining the purposes and means of processing personal data, ensuring compliance with legal standards, and avoiding penalties from supervisory authorities.

Pridevops

Privacy by Design

Data Controller Group 01

Asset 03

Asset 02

Asset 01

Data Processor 03

Data Processor 02

Data Processor 01

Consent from Data Controller

If data is given to a Data Processor -> Goal: Check Consent, Time, Reason, Inform Asset if are and generate plans for each one

If a Processor accesses the data, it has to inform the Collector

Generate Plan: Automatically send an Email to Controller

Generate Plan -> Consent

If Country "blank" Fill and Check Regulations of Country

find on the data
ask from asset

If Reason blank: Plan: State Reason

Rewrite Consent Rules and Sign Up

If Consent is Pending -> Plan: Check Status and wait or inform for status update

If Consent Blank or Not Asked then -> Plan: Consent

If Child ask from Parents
If Sensitive -> Plan: Written Consent and Strict
Written Consent
Phone
Send Email

Gather: (Private Data, Greece, PDM, Reason: Transaction on ESHOP, 07 July 15:30, For 2 Days, Consent is given through online terms, Send notification when this is finished, Data Processor: CWA)

Asset

Main Class / attributes: id, name, label name, coordinates (x, y)

Consent

Not Asked
Pending
Given

For how long

Days/Hours/Months/Years

Reason

Text: Reason

Who Collected

id of Data Controller

Place collected

Name of Country

Nature of Data

Public
Private
Sensitive
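
The plan rules and the Asset attributes listed above can be read as a small rule engine. The sketch below is an added example, not code from the original map: the class and function names, the `is_child` flag, the ids and the two sample assets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional

class Consent(Enum):
    NOT_ASKED = "Not Asked"
    PENDING = "Pending"
    GIVEN = "Given"

class Nature(Enum):
    PUBLIC = "Public"
    PRIVATE = "Private"
    SENSITIVE = "Sensitive"

@dataclass
class Asset:
    id: int
    name: str
    nature: Nature
    consent: Optional[Consent]  # None models a blank consent field
    reason: str                 # "" models a blank reason
    country: str                # "" models a blank place collected
    controller_id: int          # who collected
    retention: str              # for how long, e.g. "2 Days"
    is_child: bool = False      # assumption: not an attribute on the map

def generate_plans(asset: Asset, processor: str) -> List[str]:
    """Plans to complete when `asset` is given to `processor`."""
    plans = []
    if not asset.country:
        plans.append("Fill Country and check regulations of Country")
    if not asset.reason:
        plans.append("State Reason")
    if asset.consent in (None, Consent.NOT_ASKED):
        plan = "Consent"
        if asset.is_child:
            plan += "; ask from parents"
        if asset.nature is Nature.SENSITIVE:
            plan += "; written consent, strict"
        plans.append(plan)
    elif asset.consent is Consent.PENDING:
        plans.append("Check consent status and wait or inform for status update")
    # Processor access is always reported to the controller by email.
    plans.append(f"Email Controller {asset.controller_id}: {processor} accesses asset {asset.id}")
    return plans

# Constructed samples; ESHOP loosely follows the "Gather" record above.
ESHOP = Asset(1, "eshop order", Nature.PRIVATE, Consent.GIVEN, "Transaction on ESHOP", "Greece", 1, "2 Days")
HEALTH = Asset(2, "health record", Nature.SENSITIVE, None, "", "", 1, "2 Days")
```
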

Actor

Data Controller

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Under GDPR, the Data Controller is responsible for making sure the personal data that falls under their remit complies with the regulations when being processed. Therefore it’s important to know if you are a Data Controller as it is your responsibility to make sure you avoid legal action and punishment from the supervisory authority.

Hold data from: ACM Website, CRM
Country
Number of Employees

Data Processor

It is important to point out that the data processor does not control the data and cannot change the purpose or use of the particular set of data. The data processor is limited to processing the data according to the instructions and purpose given by the data controller.

A good way to think of a data processor is as a specialized technical partner, appointed to carry out specific tasks to accomplish the goals set by the data controller.


As mentioned above, if you hold or process personal data, but do not exercise responsibility for or control over the personal data, then you are a "data processor". Examples of data processors include payroll companies, accountants and market research companies, all of which could hold or process personal information on behalf of someone else. "Cloud" providers are also generally Data Processors.

It is possible for one company or person to be both a data controller and a data processor, in respect of distinct sets of personal data. For example, a payroll company would be the data controller in respect of the data about its own staff, but would be the data processor in respect of the staff payroll data it is processing for its client companies.


A data processor is distinct from the data controller for whom they are processing the personal data. An employee of a data controller, or a section or unit within a company which is processing personal data for the company as a whole, is not a "data processor". However, someone who is not employed by the data controller, but is contracted to provide a particular data processing service (such as a tax adviser, or a telemarketing company used to manage customer accounts) would be a data processor. A subsidiary company owned by a data controller to process personal data on its behalf (for example to manage the payroll) is a distinct legal person and is a data processor.


Responsibilities of data processors

Unlike data controllers, data processors have a very limited set of responsibilities under the Data Protection Act. They must only process personal data on the instructions of the Data Controller. These responsibilities concern the necessity to keep personal data secure from unauthorised access, disclosure, destruction or accidental loss. In addition all data processors, whose business consists wholly or partly in processing personal data on behalf of data controllers who are required to register, are also required to register with the Data Protection Commissioner as a data processor.

Process Data from: They are the support team, They are developers or else

PriveDevOps

Generate Privacy Model