In 2018, the General Data Protection Regulation (GDPR) came into effect, requiring companies operating within the EU to be, and to continue to be, GDPR compliant. GDPR was designed to revolutionize European laws that pertain to the protection of personal information. However, the strict data privacy laws also apply to any company established outside of the EU that either offers goods and services to EU customers or monitors the behaviour of those inside the EU. Today, GDPR affects how businesses and public sector organizations from all over the globe handle customer data. Additionally, it boosts the rights and control given to individuals over their information.
Understanding the Relationship between Controllers and Processors
If you are among those who are GDPR compliant, chances are you have come across the terms “data controller” and “data processor”. With the implementation of GDPR, it is important for your organization to understand what these entities mean and how they can affect your daily operations.
Below, we compare these terms and the roles they play under GDPR:
- Definition: A data controller is the person, agency or public authority that determines why and how personal data is processed.
- Responsibilities: As the main party, controllers are ultimately responsible for demonstrating compliance in relation to consent and the processing of personal data. While they are able to make more independent decisions, they are consequently at fault if something goes wrong. Controllers are also responsible for meeting the principles relating to the processing of personal data, which include lawfulness, accuracy, confidentiality, data minimization, fairness and transparency, and storage limitation and integrity of personal data. Thus, controllers must choose processors that are in compliance with GDPR in order to avoid fines or penalties.
- Definition: A data processor is the person, agency or public authority that actually processes personal data on the controller’s behalf.
- Responsibilities: Typically classified as places like law firms, accounting firms or doctor’s offices, processors are responsible for maintaining a record of activities in relation to the processing of personal data. They are also required to design, produce and implement IT processes and systems that enable controllers to acquire personal data as well as apply security measures that safeguard this information. Furthermore, processors are accountable for storing the data and transferring it from the controller to another organization or vice versa.
At TechReset, we have built our business around the principle of disposing of your unwanted or obsolete equipment in a safe, controlled and ecologically-sustainable manner. This also includes performing secure data wipes and the total destruction of your confidential data, which is especially important for those that handle data belonging to EU citizens and companies. As experts in Information Technology Asset Disposition (ITAD), we can help your organization remain GDPR compliant by providing secure data erasure and physical hard drive shredding services. Following the removal of information from your devices, you will receive a Certificate of Data Cleanse to verify that your data has been securely and completely destroyed.
Call us toll free at 1-800-403-3610 or fill out our online form to learn more about ITAD and find out how your organization can remain GDPR compliant with TechReset.