Guest user Created: Dec 12, 2018 Last commented: Dec 12, 2018

The classification of data

In our website server, we have customer's personal data. IT is only responsible for the security of the OS. The website developer is responsible for the development of the website application. It needs to access and back up the database of the entire customer information. It can also view all transaction information and customer information, because sometimes it is necessary to view and test bugs. Sales can view customer information and order information through the backstage of the website. For such information assets, should it be assigned to IT,Sales or developer? Or how to divide such interactive information assets from the perspective of asset classification.

0 0

Assign topic to the user

Select user

Expert

Andrei Hanganu Dec 12, 2018

Answer:

Personal data that should be protected regardless of which structure within the company or third party processes it. Internally, the whole company is responsible and assigning an owner will only cause confusion and spread the belief that only the owner is accountable for how the personal data is being processed. Ultimately, the company is responsible if the data i s processed in an unlawful manner and not a specific individual/employee.

In terms of your web developer, as he will be acting as your data processor, he is bound by the obligations set up in Article 28 of EU GDPR and you, as a data controller, need to ensure that those obligations are clearly set out in the Data Processing Agreement you need to sign with the processor.

To learn more about processors and controllers, as well as the responsibility of managing personal data, check out this free EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//).

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Dec 12, 2018

Expert Advice Community