Identity Controller
As a Data Controller it is important that organisations consider carefully why and what identity data is actually necessary to support business activity.
Any organisation (legal person) that determines the purposes and means of processing our personal data (PPID) is considered the ‘controller’ who is accountable under the EU GDPR. Controllers have to demonstrate compliance with all the GDPR data protection principles and requirements and are also responsible for the compliance of personal data (PPID) processor(s) who perform processing on their behalf.
So why is this important…?
EU regulations are now spreading across the world (the extra-territorial effect of the GDPR) and are being utilised to return control to the owner of the data including identity data. How that data is controlled is being regulated and the effects of non-compliance is being felt not just by large global companies, but by individuals too. It is important to be able to understand how an existing Operating Model needs to consider adapting to this evolving new world order that changes the management of our PIID.
Objectsofts’ strategic consulting helps organisations of all kinds, to scope and define what PIID should be processed to achieve legitimate purposes and ensure that criteria such as relevancy and adequacy are not excessive. This analysis informs those critical board level decisions that determines lawful processing – the accountability principle of GDPR (Article 5) places responsibility for compliance at board level.
