GDPR Essentials (for SaaS clients) – Data Owner vs Data Processor

Being in direct contact with the GDPR process and discussing it with clients of a SaaS company, I identified an important confusion, or lack of information, among clients regarding the roles and responsibilities in the process.

In this short post I will try to clarify the responsibilities of both major roles.

GDPR mentions 2 major profiles:

  • The Data Owner/Controller
  • The Data Processor

You as client are called the “Data Owner/Controller”

The SaaS client uses an external supplier as a technology partner, meaning everything stored in the supplier's systems is YOUR DATA, making you the Data Owner/Controller.

Your supplier is the Data Processor

The supplier is the Data Processor and operates under your direct instructions; therefore, every action taken by the Data Processor MUST be under direct instruction from the Data Owner.

To summarize, the Data Owner (the client) is responsible for all data and must ensure that the supplier (the Data Processor) provides every functionality and/or requirement the client needs to comply with GDPR.
