Controllers and Processors

Question 1

What is a data subject?

Answer 1

An individual from or about whom information is being collected

Question 2

What is a data controller (include GDPR article)?

Answer 2

Article 4(7)
Alone or jointly with others, determines the purposes and the means of the processing of personal data

AKA

The organization, not necessarily a business (could be a public authority or not-for-profit), that is collecting and using information about data subjects

Question 3

What is a data processor (including GDPR article)?

Answer 3

Article 4(8)
Processes personal data on behalf of the controller. A processor's activities must be transparent to the controller and any decisions that determine where personal data is processed or by whom must rely on approval from the controller.

AKA

A service provider to a data controller that only does with the data what the data controller tells it to do with it

Question 4

What is a supervisory authority?

Answer 4

Regulates what the controllers and processors do with data

If an individual has a complaint, he/she can bring it to the supervisory authority

Question 5

What are obligations that controllers and processors have in common?

Answer 5

Both:

A natural person or body (a legal entity, public authority, agency, or other body)

Have accountability obligations (including keeping records for supervisory authorities)

Share responsibilities with personal data security

Ensure compliance with international data transfers

Subject to large admin fines and compensation claims