This is typically a cross-functional team effort. As the digital marketer leading gdpr-relate activities will nee to work with it. Sales. Support. Engineering. Customer success. And product. For example. To ensure that data privacy processes and any dependencies are understood and supporte across the organization. Data protection officer the appointment of a dpo. Or data protection officer. Will help to steer the resources into place for gdpr compliance: [the] gdpr calls for the mandatory appointment of a dpo for any organisation that processes or stores large amounts of personal data. Whether for employees. Individuals outside the organisation.
The data controller can be define as
Dpos must be “appointe for all public authorities. And where the core activities of the controller or the processor involve ‘regular and systematic monitoring of data subjects on a large scale’ or where the entity conducts large-scale processing of ‘special categories of personal data.’” like that which details race or ethnicity or religious beliefs. Data controller and data processor digital marketing team members must also be familiar with the data controller and data processor roles. It’s imperative to understand in which scenarios they are the data controller. Or the data processor. The data controller can be define as: the person or body who determines the purposes and means of processing personal data. In plain english. You decide what the data is for – and what’s going to happen to it. The data processor can be define as:
A person or body who is separate from the data controller
a person or body who is separate from the data controller (i.e. Not an employee) and who processes personal data on behalf of that data controller. In other words. The controller gives the processor a specific job to do – and the processor does it. It is important for a digital marketer to know when they play either or both of these roles every time they deal with data in their roles. Legitimate business interest “legitimate business interest” means that there must be a clear reason for the business to collect and process particular data about a data subject. For example. This could be the name and home address of a customer for a pizza delivery business.