Contact
What is your role in data processing?
In personal data processing, you can assume different roles depending on your function. Depending on this role, your obligations regarding the processing will be different:
- The data controller: Specifically, you can act as a data controller if you are the one who determines why and how these personal data are processed, that is, the purpose and means of processing. You can also be co-data controller, if the decision about the purpose and the means is shared among various organisations.
- The data processor: On the other hand, you will be a data processor if someone else entrusts you with a service or project that involves processing personal data (you provide services on behalf of the data controller). You can also be a sub-data processor, if you process the data on behalf of the data processor.
- The data protection officer: The figure of the data protection officer (DPO) is key when it comes to ensuring compliance with data protection regulations in organisations, advising the entities that process the data and acting as a bridge between them and the APDCAT or the competent corresponding control authority. The DPO can be on the staff of the data processor or data controller, or act within the framework of a service contract. The DPO must inform and advise the management and staff of your organization on the obligations imposed by data protection regulations. This figure will also monitor that you comply with the regulations, advise you on the data protection impact assessment and cooperate with the APDCAT or the corresponding control authority, as they act as a point of contact for issues related to data processing.