Difference between revisions of "Data Controller"

From Open Risk Manual
(Created page with "== Definition == Under Regulation (EU) 2018/1725, as well as under the GDPR, the '''Data Controller''' is the party that, alone or jointly with others, determines the purposes...")
 
Line 8: Line 8:
  
  
The controller is also the entity that receives requests from data subjects to exercise their rights.
+
The controller is also the entity that receives requests from data subjects to exercise their rights.
 +
 
 +
== Notes ==
 +
*  In ISO/IEC the term 'PII Controller' is used.
  
 
== References ==
 
== References ==
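Review bot: The added Notes bullet attributes the term 'PII Controller' to "ISO/IEC" without naming a standard, so a reader cannot check the equivalence. Name the specific ISO/IEC document in the bullet and cite it under the References heading that follows the new section.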

Revision as of 18:24, 29 September 2021

Definition

Under Regulation (EU) 2018/1725, as well as under the GDPR, the Data Controller is the party that, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

The actual processing may be delegated to another party, called the Data Processor. The controller is responsible for

  • the lawfulness of the processing
  • the protection of the data, and
  • respecting the rights of the Data Subject.


The controller is also the entity that receives requests from data subjects to exercise their rights.

Notes

  • In ISO/IEC the term 'PII Controller' is used.

References