Professional Documents
Culture Documents
Data controllers
Refers to a natural or legal person, public authority, agency or other body
which, alone or jointly with others, determines the purposes and means of
the processing of personal data;
Data processors
Refers to a natural or legal person, public authority, agency or other body
which processes personal data on behalf of the controller;
What must a company do process data under GDPR? (Art. 6
GDPR)
• Must have legal basis for processing personal data. This means that an organization must have
the user’s consent prior to having their personal data collected and processed; or meet any of the
remaining legal bases in article 6 of the GDPR (e.g., required by law, contract, etc.).
• Must provide clear information about the organization’s data processing practices in its
privacy policy.
• Must implement appropriate technical and organizational measures to protect the security of
data.
• Must designate someone responsible for ensuring GDPR compliance across your organization.
• Must notify individuals their rights under the GDPR.
Right to be informed – gives individuals the
right to be informed about the collection and
use of their personal data.
Rights of
Right of access - gives individuals the right to
individuals request access (or copies) to any of their
under the personal information that a data controller is
processing.
GDPR (Art.
12-23) Right of rectification - gives individuals the
right to have personal data rectified if it is
inaccurate or incomplete.
Right of erasure - gives individuals the power to get their personal data
erased in some circumstances.
Rights of
Right to restrict processing - gives individuals the right to restrict (or
limit) the processing of your personal data in certain circumstances
under the so that they can transmit this data to another organization "without
hindrance."
GDPR (Art. Right to object to processing - gives individuals the right to object to the
processing of their personal data at any time.