During a GDPR compliance workshop, a multinational organization is mapping out how it handles customer data. One project stakeholder is tasked with deciding why the data is collected, how long it will be retained, and which internal systems or third-party services will process it. According to privacy terminology, what role does this stakeholder perform within the organization?
Under the GDPR and similar frameworks, a controller is the natural or legal person that, alone or jointly with others, determines the purposes ("why") and the means ("how") of processing personal data. A processor merely performs the processing tasks on the controller's instructions. Because the scenario asks who decides the purpose and means, the correct role is the controller; the other listed roles do not carry that authority.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between a data controller and a data processor under GDPR?
Open an interactive chat with Bash
Why is the controller important in GDPR compliance?
Open an interactive chat with Bash
What obligations does a processor have under GDPR?