Data “Controller”/ “Owner”
Data Controller (EU)
The natural or legal person, public authority, agency or any other body
which alone or jointly with others determines the purposes and means of the
processing of personal data. In other
words, even if your company does not ‘own’ the personal data, but you are
making the primary decisions on how it is collected, used, stored, transferred,
etc., then you are the data ‘controller.’ You may receive or collect personal data either directly from
individuals (customers, employees), indirectly from a “vendor” (third-party, data
processor), or possibly not at all.
Data Owner (US)
The entity who maintains, stores or collects data that includes the PII
of an individual which they own or license. The Data Owner receives or collects PII either directly from individuals
(customers, employees) or indirectly from a “Vendor” (Third-party, Data
Processor). In certain instances, an
entity may also be considered a Data Owner if they are the primary decision
maker for what PII is collected, what it will be used for, and/or how it will
be handled, even if they don’t ‘own’ it.
Related Articles
Data Classification
A scheme that provides the basis for managing access to, and protection of, data assets.
Data Masking
The process of de-identifying; anonymizing, or otherwise obscuring data so that the structure remains the same, but the content is no longer sensitive, in order to generate a data set that does not allow to the viewer to see the ‘masked’ confidential ...
Data Elements
The different types of personal information processed by data processors. Typical data elements include name, date of birth and numerical identifiers. Organizational data elements tied to both individuals as well as organizations include business ...
Data Breach
The unauthorized viewing, unauthorized acquisition, accidental publication, or loss of personally information data that compromises its security, confidentiality, or integrity, and which may lead to the accidental or unlawful use, destruction, loss, ...
Data Inventory
Identifies personal information as it moves across various systems and thus how data is shared and organized, and its location. The data can be categorized by subject area, which identifies inconsistent data versions, enabling identification and ...