By skrypt K, 6 years ago
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Under GDPR, the Data Controller is responsible for making sure that the processing of personal data falling under their remit complies with the regulations. It is therefore important to know whether you are a Data Controller, as it is your responsibility to make sure you avoid legal action and punishment from the supervisory authority.
It is important to point out that the data processor does not control the data and cannot change the purpose or use of the particular set of data. The data processor is limited to processing the data according to the instructions and purpose given by the data controller.
A good way to think of a data processor is as a specialized technical partner, appointed to carry out specific tasks to accomplish the goals set by the data controller.
As mentioned above, if you hold or process personal data, but do not exercise responsibility for or control over the personal data, then you are a "data processor". Examples of data processors include payroll companies, accountants and market research companies, all of which could hold or process personal information on behalf of someone else. "Cloud" providers are also generally Data Processors.
It is possible for one company or person to be both a data controller and a data processor, in respect of distinct sets of personal data. For example, a payroll company would be the data controller in respect of the data about its own staff, but would be the data processor in respect of the staff payroll data it is processing for its client companies.
A data processor is distinct from the data controller for whom they are processing the personal data. An employee of a data controller, or a section or unit within a company which is processing personal data for the company as a whole, is not a "data processor". However, someone who is not employed by the data controller, but is contracted to provide a particular data processing service (such as a tax adviser, or a telemarketing company used to manage customer accounts) would be a data processor. A subsidiary company owned by a data controller to process personal data on its behalf (for example to manage the payroll) is a distinct legal person and is a data processor.
Unlike data controllers, data processors have a very limited set of responsibilities under the Data Protection Act. They must only process personal data on the instructions of the Data Controller. These responsibilities concern the necessity to keep personal data secure from unauthorised access, disclosure, destruction or accidental loss. In addition, all data processors whose business consists wholly or partly in processing personal data on behalf of data controllers who are required to register are also required to register with the Data Protection Commissioner as a data processor.