Definitions according to the GDPR:
The GDPR uses a number of specific terms to define the different actors and their roles in relation to the processing of personal data. These terms are essential for understanding the regulation and its application in practice. Here are the most important terms and their definitions:
- Controller (Article 4 No. 7 GDPR):
- The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. The controller has the primary responsibility for compliance with data protection rules and for implementing the necessary measures to protect personal data.
- Processor (Article 4 No. 8 GDPR):
- The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller. The processor acts only on the instructions of the controller and may not use the data for its own purposes. The GDPR sets out strict requirements for the selection and control of processors by the controller.
- Data subject (Article 4 No. 1 GDPR):
- The data subject is the natural person whose personal data is processed. The GDPR aims to protect the rights and freedoms of such individuals and to give them more control over their personal data. The data subject has various rights that he or she can assert against the controller and the processor.
Examples and explanations:
- Controller: A company that collects and processes personal data of its customers, for example an online retailer that stores and processes its customers’ addresses and payment information, is the controller of that data.
- Processor: A cloud service provider that stores and processes the data on behalf of the online retailer is the processor. The cloud service provider may only process the data in accordance with the retailer’s instructions and must implement appropriate security measures to protect the data.
- Data subject: The online retailer’s customers whose personal data is processed are the data subjects. They have rights such as the right to information, correction and deletion of their data.
Responsibilities and duties:
- Controller:
- The controller must ensure that the processing of personal data is carried out in accordance with the principles of the GDPR, including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation and integrity and confidentiality.
- The controller is obliged to take appropriate technical and organizational measures to ensure the security of the data and to protect the rights of the data subjects.
- The controller must provide data subjects with clear and understandable information about the processing of their data and respect and enable their rights.
- Processor:
- The processor may only process the personal data on instructions from the controller and must take all appropriate measures to ensure the security of the data.
- The processor must provide the controller with all relevant information and measures necessary to comply with the GDPR and assist the controller in fulfilling its obligations.
- The processor must immediately inform the controller of any data protection breaches and assist the controller in fulfilling its information obligations towards the data subjects and the supervisory authorities.
- Data subject:
- The data subject has the right to request information from the controller about the processing of his or her personal data, including the purposes of the processing, the categories of data processed, the recipients of the data and the planned storage period.
- The data subject has the right to have inaccurate data rectified and to have his or her data erased under certain conditions.
- The data subject has the right to request the restriction of the processing of his or her data and to object to the processing of his or her data.
- The data subject has the right to data portability, i.e. he or she can request that his or her data be transmitted in a structured, commonly used and machine-readable format.
Relevant articles of the GDPR:
- Article 4 No. 1: Definition of the data subject
- Article 4 No. 7: Definition of the controller
- Article 4 No. 8: Definition of the processor
- Articles 24-31: Obligations of the controller
- Article 28: Obligations of the processor
Summary:
The GDPR defines clear roles and responsibilities for the different actors involved in the processing of personal data. The controller has the primary responsibility for compliance with data protection rules, while the processor acts on behalf of the controller and must meet strict data security requirements. Data subjects have a number of rights designed to give them more control over their personal data and ensure its protection.