Professional Documents
Culture Documents
09 OteroZapata - Principles, Actors and Roles
09 OteroZapata - Principles, Actors and Roles
General Secretariat
Data Protection Unit
2. purpose limitation
3. data minimisation
4. accuracy
5. storage limitation
And accountability as a cornerstone: the controller shall be responsible for and be able to
demonstrate compliance with these principles
| 2|
Lawfulness
| 3|
Consent
| 4|
Conditions for consent
| 5|
Accountability
| 6|
ACTORS
European
National
Data
Supervisor
Protection
y Authority
Board
Data
Processor
Subject
DPO Controller
| 7|
DATA SUBJECTS
| 8|
CONTROLLERS, PROCESSORS AND
DPOs
| 9|
Processor
CONTROLLERS
| 10
|
PROCESSORS
• Processors proceses personal data “on behalf of the controller” and only
on documented instructions. Processor must be a separate legal entity or
individual from the controller.
| 11|
DATA PROTECTION OFFICERS
| 12
|
SUPERVISORY AUTHORITIES
| 14
|
Lead Authority
| 15
|
Lead Supervisory Authority
Further reading WP244 rev01 Guidelines for identifying a controller or processor’s lead
supervisory authority - endorsed by the EDPB
| 16
|
EUROPEAN DATA PROTECTION
BOARD
| 17
|
Other actors
• National courts
• European Court of Justice
• European Data Protection Supervisor (EDPS) - the
Supervisory Authority for EU Institutions
| 18
|
Thank you,
do you have questions?
data.protection@consilium.europa.eu
| 19
|