undefined | Better HN

0 pointsdrewmol7y ago0 comments

from Article 4:

(7) ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

(8) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Generally speaking, site X is the data controller and the third party JS providers are the data processors. GDPR applies to both, with the controller being the party primarily responsible for ensuring compliance.

0 comments

lucb1e7y ago

+1 for actually mentioning (let alone citing!) the article. There is so much information floating around, much of which slightly exaggerated, misinterpreted or misremembered, and if you want to check it you basically have to go and search through the whole thing. Even Dutch data protection authority has lots of info and FAQs without any reference to the law at all. So whenever I refer to it, I often have to go "at least, that's what our national authority says, I have no idea which article in the international law this is based on. Here, go and read some Dutch!"

j / k navigate · click thread line to collapse

0 pointsdrewmol7y ago0 comments

from Article 4:

(8) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

0 comments

lucb1e7y ago

j / k navigate · click thread line to collapse