There is a difference between a controller and a processor in data privacy. A controller is the person (or business) who determines the purpose for which the personal data is processed; the processor is anyone who processes the personal data on behalf of the data controller.

Top 3 Takeaways From The IAPP Global Summit 2018, Part Two

  • Federal agencies are adding privacy programs into their information system development lifecycle using the Risk Management Framework, which is basically a data map of system information flows and information security protocols tied in with privacy risk analysis.
  • Companies must view the replacement of the 1995 standards with the new GDPR standards as an opportunity to develop and implement data governance, protection and privacy in line with the companies’ and consumers’ expectations. There are four big points: segment (initial screening), controls assessments (documentation), ongoing monitoring (audits and risk-based monitoring), and remediation (restricted limitations, scheduled improvements, and geographic limitations).
  • Bank CPOs are constantly met with new challenges and must work within legal/regulatory compliance, risk management, etc. It’s crucial for CPOs to have an open line of communication with CISOs during data decisions, rather than entering the picture when a major incident response is already under way.