Workflow

Easy introduction to GDPR - Lesson 4

Data roles

You have probably heard the terms data subject, data controller, and data processor. If not, do not worry; we got you covered. Who are they? What are the responsibilities of controllers and processors, and how do they differ? Using examples, we will uncover the basic understanding of these terms and why they are relevant.

Compliance school

What is GDPR? Video transcription

So in this episode, we'll talk a little bit about some very specific GDPR terms; data controller, data processor, and data subjects. Who are they? Well, the data controller is the company, for example, that owns the data, the company that defines what should happen to the data, how data should be handled and processed, and also have the instructional power over the data processor.

So what's the data processor? Well, the data processor is the company that is helping the data controller process the information. A good example- you're using HubSpot as your marketing tool; you'll add in a lot of contacts; people you're sending out emails about. Well, you as a company are the controller.

HubSpot is your data processor because they're getting personal identifiable information, also called PII, or you might also hear it as personal data. Well, they're getting that data from you as the company so that they can help you send out emails and make those types of pains that you would do in HubSpot. The subject is the person that you have information about.

Meaning, for example, the person you're sending out emails to; that's the data subject. This means that this is a person also known as an individual. Those are very important terms for you to understand data controller, data processor, and the data subject.