Who Does the GDPR Apply to?

CIO Review Europe | Tuesday, October 19, 2021

Any individual, agency, public authority, or other body that processes personal data on behalf of a controller is defined as a processor by the General Data Protection Regulation.

FREMONT, CA: The General Data Protection Regulation (GDPR) affects any firm that sells goods or services to EU citizens, even firms that are not based in the EU. A person who runs an internet business would not know whether the people they transact with are from the EU. As a precautionary step, all online enterprises should at the very least be GDPR compliant.

Those who handle personal information are divided into two categories: those who control the information and those who process it.

Data Controllers

Any individual, governmental authority, agency, or other body that determines the purpose and means of processing personal data is referred to as a controller under the GDPR. Controllers are in charge of deciding how personal data is handled. A music school, for example, employs a digital screen in the waiting room to tell parents when each teacher is ready. Each child's name and the room number of their music lesson are displayed on the screen. The music school is classified as a personal data controller because it selects how the notification system should process all of the data.

Data Processors

Any individual, agency, public authority, or other body that processes personal data on behalf of a controller is defined as a processor by the GDPR. Processors do not make decisions about how personal data is processed because they are following the data processing regulations specified by a controller.

A software company, for example, employs a marketer for an upcoming email campaign. All leads' names and email addresses are given to the marketer to send customized emails to each one. Since it chooses how the data should be treated, the software company is classified as a personal data controller. As they are carrying out the software company's data processing instructions, the marketer is designated as a processor. Processors are expected to be GDPR compliant alongside controllers even if they are only following controller instructions, because they handle personal data.
