July 24, 2024
What is the difference between a data controller and a data processor?
Data controllers and data processors play different roles under GDPR. Learn how the law defines the two roles by reading our FAQs on GDPR.

A data controller refers to an organization, institution, or individual that sets the standards for personal data processing (Article 24). In practice, that means that a data controller is responsible for determining how and why data is going to be used by an organization. Most often, a data controller is a person or organization that actually gathers data and then dictates how it will be used.

This is in contrast to a data processor. According to GDPR, a data processor is an organization, institution, or individual that implements the standards for data processing established by the data controller (Article 28). Typically, although not exclusively, a data processor is a third party that processes data at the direction and discretion of a data controller. A data processor does not own any of the data it processes and is not in control of it. This means that a data processor cannot change the meaning of the data or direct how the data is used, and is bound by the instructions

While data controllers and data processors each perform different functions, there are two important things to note: 1) One organization can be both a data processor and a data controller. They are not mutually exclusive. 2) Both a data controller and a data processor are obligated to comply with all components of GDPR.

 

Disclaimer: This content is provided for general informational purposes only and does not constitute legal or other professional advice. Without limiting the foregoing, the content may not reflect recent developments in the law, may not be complete, and may not be accurate or relevant in an applicable jurisdiction. This content is not a substitute for obtaining legal advice from a qualified licensed attorney in the applicable jurisdiction. The content is general in nature and may not pertain to specific circumstances, so it should not be used to act or refrain from acting based on it without first obtaining advice from professional counsel qualified in the applicable subject matter and jurisdictions.
