Each of these roles plays a key part in the data lifecycle.
The Processor’s key responsibility is to make sure that their customer, the Data Controller, is aware of the regulation and to assist them in making sure that their application is GDPR compliant.
The Controller’s key responsibility is to make sure that they have the correct permissions to use the personal information of the Subject, as well as to keep the Subject informed of their practices.
The Subject’s key responsibility is to keep the Controller accountable for their actions.
It is the job of the Processor to make sure that the Controller has the knowledge to comply with the GDPR and to make sure that their product is also compliant. We are now starting to see many large organisations acknowledge the regulation and begin to educate their customers – read Google Cloud Platform’s stance on the GDPR.
Let’s take a look at Salesforce as the Processor:
Who is the Processor?
What is their relation to the GDPR?
The Salesforce platform easily allows its users to frivolously process personal data without any requirements on consent.
What steps are they taking?
Salesforce have taken a multi-layered approach to distributing their GDPR content:
- For the general customers, they have created a page on their website to store all of their GDPR resources. They have done a very good job of breaking down the language and making it easier to understand for their customers.
- For the legal experts, they have published an addendum on data protection that will address more of the legal issues.
- For Salesforce experts, they have released a module on Trailhead that walks through the general principles of the GDPR.
It is the job of the Controller to make sure that they are compliant with the GDPR and have made clear to the customer, Unfortunately there is far too much for you to do to include it in a breakdown.
The first step you can take is to document your process. Check out our blog on the first 5 steps that any Admin should be taking!
You are the subject in many cases! It is your responsibility to keep the organisations you deal with accountable!
If you have any questions or would like to contribute content, please email us at firstname.lastname@example.org!