Guest user Created: Nov 21, 2018 Last commented: Nov 21, 2018

EU GDPR controller vs. processor

If we have an EU client who is the Controller of data (let's assume client data about previous purchases for a retail/ecommerce store) and we must become a Processor of this data, when are we considered a Controller of the data? I'm assuming that we technically could not be the Controller since we do not have the relationship with the client directly, but I'm a little unsure of the exact nature of that relationship.

0 0

Assign topic to the user

Select user

Expert

Andrei Hanganu Nov 21, 2018

Answer:

This depends on what activities you perform. If you process personal data on behalf of the Controller and if you process data based on the controller`s instructions, you are a data processor.

A controller is an entity who, alone or jointly with others, determines the purposes and means of the processing of personal data. In other words, the controller decides “what” personal data will be processed for and “how” it will be done.

A processor is an entity who processes personal data on behalf of a controller. An example might be a company that processes your payroll or a cloud provider that offers data storage. Ho wever, in more complex relationships it can be difficult in practice to work out if someone acts as controller or processor.

To find out more about controllers and processors check out this article EU GDPR controller vs. processor – What are the differences? (https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/)

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Nov 21, 2018

Expert Advice Community