Practical example of ISO 27018 PII processor, principal and controller
Answer:
Consider the following scenario: John wants to make a bank transfer, and asks Mark, his account manager, to arrange this operation. Mark receives the bank transfer information (account number, value to be transferred and transfer date) from John and authorizes Bill, his assistant, to do the bank transfer.
- John is the PII principal. The PII required for the bank transfer, the account data, is related to him.
- Mark, the account manager, is the PII controller. He is the one, besides John, who can authorize the use of John's PII to perform the bank transfer.
- Bill, Mark's assistant, is the PII processor. He is the one who uses John's PII to perform the bank transfer in accordance with Mark's instructions (value to be transferred and transfer date, sent by John).
Sep 17, 2016