GDPR stands for General Data Protection Regulation, and this law came into existence on 25th May 2018. The law was enforced to bring security to the personal information of European Union residents. It applies to any business that holds personal data in any way. This article gives an overview of the key GDPR roles and responsibilities.
The controller is the person or any legal body that decides the purpose and means of processing personal data. For example, when processing an employee's personal data, the employer is considered to be the controller. Joint data controllers may be required in some situations. The key role of the controller is to be responsible, i.e. to take action in accordance with the GDPR, and to be able to demonstrate compliance with the GDPR to data subjects and the Supervisory Authority as and when appropriate.
A natural individual or legal entity that handles personal data on behalf of the controller (e.g. call centers working on behalf of the client) is known as a processor. The processor is often considered a third party.
The main responsibility of the processor is to ensure that the requirements set out in the Data Processing Agreement negotiated with the controller are always met and that the responsibilities set out in the GDPR are fulfilled.
Data Protection Officer (DPO)
The Data Protection Officer is a leading role required by the European Union GDPR. This role exists within organizations that process the personal information and data of EU residents. It is the DPO who watches over the methodology, policy and execution of data security. In short, the DPO has to make its organization GDPR compliant.
The main role of the DPO is to ensure compliance with the General Data Protection Regulation and to advise the agency management and employees on the necessary steps to be taken to comply with GDPR.
Supervisory Authority
The responsibility of the Supervisory Authority is to advise organizations on GDPR, perform audits on compliance with GDPR, address complaints from data subjects and issue penalties where companies are intentionally not compliant with GDPR.