Difference between revisions of "Data Controller"
From Open Risk Manual
Wiki admin (talk | contribs) |
Wiki admin (talk | contribs) |
||
| Line 15: | Line 15: | ||
== References == | == References == | ||
* [https://edps.europa.eu/data-protection/data-protection/glossary/ EDPS Glossary] | * [https://edps.europa.eu/data-protection/data-protection/glossary/ EDPS Glossary] | ||
| + | * [https://w3c.github.io/dpv/dpv/ Data Privacy Vocabulary (DPV)] | ||
[[Category:Data Privacy]] | [[Category:Data Privacy]] | ||
Latest revision as of 18:34, 29 September 2021
Definition
Under Regulation (EU) 2018/1725, as well as under the GDPR, the Data Controller is the party that, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
The actual processing may be delegated to another party, called the Data Processor. The controller is responsible for
- the lawfulness of the processing
- for the protection of the data, and
- respecting the rights of the Data Subject.
The controller is also the entity that receives requests from data subjects to exercise their rights.
Notes
- In ISO/IEC the term 'PII Controller' is used.
