Controllers and Processors

Question 1

What is a data subject?

Answer 1

An individual from or about whom information is being collected.

Question 2

What is a data controller (including Article)?

Answer 2

Article 4(7) - Alone or jointly with others determines the purposes and the means of the processing of personal data.

Question 3

What is a data processor (include Article)?

Answer 3

Article 4(8) - processes personal data on behalf of the controller.

A processor’s activities must be transparent to the controller and any decisions that determine where personal data is processed or by whom must rely on approval from the controller.

Question 4

What is a supervisory authority?

Answer 4

An independent public authority established by a Member State pursuant to Article 51 - responsible for monitoring the application of the GDPR and regulating what controllers and processors can do.

Significant powers e.g. investigative, corrective, power to impose fines etc.

Question 5

What are obligations that controllers and processors have in common?

Answer 5

A natural person or body (legal entity, public authority, agency or other body)

Have accountability obligations e.g. keeping records for supervisory authorities

Share responsibilities with personal data security

Ensure compliance with international data transfers

Subject to large administrative fines and compensation claims