Assign topic to the user
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
As we are a reporting tool, the above PII is the only information we request from our customers and store this information in Salesforce (Salesforce is a data processor to us).
We are being requested to sign a Data Processor Agreement with our customers and believe we are more of a Data Controller in this instance. Could you clarify.
Answer:
My understanding is that you are providing a Reporting Software to customers that would be required to register with a username and email so start using the software. For th is instance you are a controllers because you are determining what information is required from a customer to register.
I assume that the reporting software is addressed to companies rather than individuals. In this instance if the companies as your customer would use the reporting software to process personal data of their individual customers that would make you a processor when providing for example hosting and/or maintenance.
To find out about controllers and processors you can check out our article “EU GDPR controller vs. processor – What are the differences?” - https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
Comment as guest or Sign in
Mar 30, 2018