In order to ensure data privacy compliance, you must first understand your function in regard to the personal data you’re processing. Consider your role and responsibilities to determine whether you are a controller or processor.
Both controllers and processors are essential to data privacy compliance, complementing each other's roles to achieve transparency and accountability.
Controllers control the procedures and purposes of data usage. The controller dictates how and why the data is going to be used. Controllers are the main decision-makers, meaning they are in control by specifying how the data is going to be used by the processor. You exercise overall control in what data to process and why. If the request comes from someone you contact directly like a sales lead or customer – you are a controller.
Processors process any data that the controller gives it and acts on instructions. The processor is what the controller chose to use and process the data with. Even 3rd party services for processors don’t own the data that they process or control. This means that the data processor is bound by the instructions given by the controller. If you don't directly contact the requester; one of your customers does. – you are a processor.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.