Cluster 4 Flashcards
Data processing and lawful bases
6 data processing principles for controllers:
1) processed lawfully, fairly, and in a transparent manner,
2) collected for specified, explicit and legitimate purposes,
3) adequate, relevant, and limited to what is necessary,
4) accurate, and, where necessary, kept up to date,
5) retained only for as long as necessary,
6) processed in an appropriate manner to maintain security.
6 lawful bases for processing for processors (one of 6 must be true):
1) contractual obligations,
2) legal obligations,
3) vital interests,
4) public interest,
5) legitimate interests,
6) consent.
Definition of Data Processor and Controller
Definition of a Data Processor
A data processor simply processes any data that the data controller gives them. Following the example above, the data processor is the third-party company that the data controller chose to use and process the data.
The third-party data processor does not own the data that it processes, nor does it control it. This means that the data processor will not be able to change the purpose and the means by which the data is used. Furthermore, data processors are bound by the instructions given by the data controller.
Definition of a Data Controller
In GDPR and other privacy laws, the data controller has the most responsibility when it comes to protecting the privacy and rights of the data’s subject, such as the user of a website. Simply put, the data controller controls the procedures and purpose of data usage.
In short, the data controller will be the one to dictate how and why data is going to be used by the organization.