Data subject
A person who can be directly or indirectly identified by an identifier, such as a name, an ID number, location information, or characteristics related to their medical, physiological, genetic, mental, economic, cultural, or social identity, is referred to as a "data subject."
In other words, a data subject is any living individual whose personal information may be collected and used.
Data subjects have a number of rights under the General Data Protection Regulation (GDPR), including the right to access their personal information, the right to have inaccurate information corrected, and the right to be forgotten.
Some examples of data subjects are:
· Staff members of the business
· Suppliers to the business
· Clients of a physician
· Pupils in a school
Data controller
A person or organization that decides the purposes and means of processing personal data is known as a data controller. To put it another way, the data controller determines what information is gathered, how it is used, and how long it is kept on file.
Data controllers can be public or private organizations, and they can be large or small. Some examples of data controllers include:
· Public institutions that gather residents' personal information
· Healthcare organizations that gather patient information
· Institutions that collect data about students
· Social media sites that gather user information
Under the General Data Protection Regulation, data controllers have a variety of obligations, including:
· Getting the subject's consent before collecting and using their personal information
· Clearly explaining to users how their data is used
· Providing data subjects with the ability to view and manage their data
· Taking measures to protect their data's security
Data processor
An entity that processes personal data on behalf of a data controller is known as a data processor. In other words, the data processor does not control the types of data that are gathered, how they are used, or how long they are stored. The data processor merely carries out the data controller's instructions.
Data processors can be public or private organizations, and they can be large or small. Some examples of data processors include:
· SaaS providers
· Cloud computing providers
· IT service providers
· Marketing agencies
· Credit card processors
· Payment processors
Data processors have a number of responsibilities under data protection laws, such as:
· Processing personal information only as directed by the data controller
· Protecting the privacy and security of personal data
· Ensuring that the rights of data subjects are upheld
· Working cooperatively with the data controller to address inquiries from data subjects
Data protection officer
The person in charge of ensuring that an organization complies with data protection rules is known as a data protection officer (DPO). The DPO serves as an independent and neutral advisor to the management of the organization on all matters pertaining to data protection.
The DPO's responsibility is to make sure the company complies with all relevant data protection laws and rules. This includes:
· Advising the organization on its policies and practices regarding data protection
· Monitoring the organization's data processing activities to ensure compliance
· Carrying out data protection impact assessments (DPIAs)
· Addressing requests from data subjects
· Cooperating with data protection authorities