Data “Controller”/ “Owner”

Data “Controller”/ “Owner”

Data Controller (EU)

The natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. In other words, even if your company does not ‘own’ the personal data, but you are making the primary decisions on how it is collected, used, stored, transferred, etc., then you are the data ‘controller.’ You may receive or collect personal data either directly from individuals (customers, employees), indirectly from a “vendor” (third-party, data processor), or possibly not at all.

Data Owner (US)

The entity who maintains, stores or collects data that includes the PII of an individual which they own or license. The Data Owner receives or collects PII either directly from individuals (customers, employees) or indirectly from a “Vendor” (Third-party, Data Processor). In certain instances, an entity may also be considered a Data Owner if they are the primary decision maker for what PII is collected, what it will be used for, and/or how it will be handled, even if they don’t ‘own’ it.


    • Related Articles

    • Data Inventory

      Identifies personal information as it moves across various systems and thus how data is shared and organized, and its location. The data can be categorized by subject area, which identifies inconsistent data versions, enabling identification and ...

    • Data Masking

      The process of de-identifying; anonymizing, or otherwise obscuring data so that the structure remains the same, but the content is no longer sensitive, in order to generate a data set that does not allow to the viewer to see the ‘masked’ confidential ...

    • Shadow Data

      Data which is being recorded over the Internet through channels like email, social media, Web browsing and online transactions, and indirectly via point-of-sale terminals, and mobile GPS. It is created when an individual sends an email, updates a ...

    • Data Wipe

      Use of a special software to remove information from compatible hard drives. This software may be included with the purchase of your device, or you may have to search for software compatible with your device to ensure proper data destruction. Most ...

    • Data Breach

      The unauthorized viewing, unauthorized acquisition, accidental publication, or loss of personally information data that compromises its security, confidentiality, or integrity, and which may lead to the accidental or unlawful use, destruction, loss, ...