An educational series on the EU's soon-to-be-implemented General Data Protection Regulation (GDPR)
Understanding your company's GDPR risk exposure is essential. To do this, it is often helpful to identify how regulators would categorize your company.
In other words, are you a controller or a processor?
A "controller" is the party that ultimately owns the relationship with the consumer and determines what happens with their data. A "processor" is the party contracted by the controller to execute its decisions with regard to consumer data.
For example, imagine an insurance company that represents EU citizens. It collects information from its customers and emails them from time to time. To do this, the insurance company uses an Email Service Provider (ESP). The insurance company is the controller and the ESP is the processor.
Under GDPR, most of the regulatory onus is on the controller. But there are some obligations that processors must meet as well.
In many cases, controllers are liable for the actions of their processors. Companies must ensure compliance across all vendor relationships that manage data in and out of EU sources.
In turn, processors can get their clients (and themselves) into very hot water with GDPR violations. They must understand their responsibilities and, in fact, can gain a competitive advantage by demonstrating their GDPR preparedness as full implementation of the rule approaches.
About the Author:
Eric V. Holtzclaw is Chief Strategist of PossibleNOW. He's a researcher, writer, serial entrepreneur and challenger of conventional wisdom. His book with Wiley Publishing on consumer behavior - Laddering: Unlocking the Potential of Consumer Behavior - hit bookstores in the summer of 2013. Eric helps strategically guide companies with the implementation of enterprise-wide preference management solutions.