Knowledge Base CSR Readiness™ Glossary of Terms A - D

            Data “Controller”/ “Owner”

            Data Controller (EU)

            The natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. In other words, even if your company does not ‘own’ the personal data, but you are making the primary decisions on how it is collected, used, stored, transferred, etc., then you are the data ‘controller.’ You may receive or collect personal data either directly from individuals (customers, employees), indirectly from a “vendor” (third-party, data processor), or possibly not at all.

            Data Owner (US)

            The entity who maintains, stores or collects data that includes the PII of an individual which they own or license. The Data Owner receives or collects PII either directly from individuals (customers, employees) or indirectly from a “Vendor” (Third-party, Data Processor). In certain instances, an entity may also be considered a Data Owner if they are the primary decision maker for what PII is collected, what it will be used for, and/or how it will be handled, even if they don’t ‘own’ it.

            Updated: 09 Aug 2017 01:34 AM
            Help us to make this article better
            0 0