Key roles defined in EU GDPR

European General Data protection regulation (GDPR) was launched in May 2018. The law was enforced to protect the personal data of EU citizens.  There are few organization and individual that are affected by the GDPR and there are few keyword roles defined in EU GDPR.

Here will address who these and the other protagonists are that define this European regulation.


Data Subject

In the official English version of the Law, the word “data subject” is used to refer to European Union resident whose personal data is being processed.

Data controllers

Data controllers are the key player of GPDR. They have all the reasoning behind data collection and over the means and method of data processing. These can be any companies who have stored the data of EU citizens from any source. If there are two or more controllers who collect and process data then they are called joint controllers.

It is the controller who is answerable for the strictest levels of GDPR compliance. They are responsible for GDPR compliance of the processors they use to process the data. It is the controller who is responsible for deciding where the persona data of EU residents will be used and also for the reasons for which security of privacy is to be applied. They also decide how long to retain the data for.

Data Processors

Organization or individual that process the data of controller are known as data processors. They work on behalf of the controller and take instructions from them. Any individual users can make claims for compensation and damages against both processors and controllers. Like controllers, they do not have to pay any data protection fee and they also do not have same level of legal obligations as controllers under GDPR. Though supervisory authorities like the ICO can take action against data processors for any breach.

Data Protection Officer

The Data Protection Officer is a leading role required by the European Union GDPR. This role exists within organizations that process the personal information and data of EU residents. It is DPO who will watch over methodology, policy and execution of data security. In short, DPO has to make its organization GDPR compliance.


Above are the key roles that are defined in EU GDPR. Each one has their own responsibilities and should always work towards the security and safety of the personal data of EU residents.

Leave a Comment

Your email address will not be published. Required fields are marked *