Important Definitions
Data Subject: This is the person whose data is stored on systems. They give their personal data to organisations for various needs.
Data Controller: This is a person or organisation that collects data from Data Subjects.
Data Processor: This is an organisation that processes and manages data from Data Controllers.
Data Controllers are obliged to protect the privacy of their customers with trust and transparency. They are required to adhere to local legal regulations. They must publish a privacy statement outlining what types of data will be stored and how that data will be managed. The Data Controller needs to have policies in place to ensure that data and privacy are protected.
These policies include:
- Opt-in/Opt-Out policies for Email & Lists
- Unsubscribe processes for Email
- Social media, disclosure and ethics
- SMS Text STOP compliance
- Telephone calling and call recording procedures
Data Processor
The Data Controller ensures that the Data Processor is bound to manage the personal data of the controller’s subjects according to the wishes of the controller.
The Data Controller owns the data submitted to the system.
The Data Processor will not edit, delete or view the subject data without permission of the Controller.
The Data Processor will not pass the data onto a third party.
The Data Processor will have the appropriate technology in place to protect the data.
At the end of the contract the Data Processor will remove all of the data they have managed.
The Data Processor will not transfer the data without the permission of the Data Controller.
The Data Processor may use aggregate statistical data to optimise delivery of services.
The Data Processor should publish details on their own service performance.