The management of data is the responsibility of many individuals. In this video, you’ll learn about data owners, data controllers, data processors, and more.
There are many different people in the organization responsible for different aspects of the data that we’re storing. And in this video, we’ll look at some of those data responsibilities. The first responsibility we’ll look at is the data owner. The data owner is usually someone at a higher level in the organization who is broadly responsible for that data that’s being stored. For example, the vice president of sales would be the data owner for all of the customer relationship data, and the treasurer of the organization would be the data owner for all of the financial information. These individuals are responsible for overseeing all aspects of this data, and they are ultimately responsible for all of the data associated with that particular role.
Two other important roles are the data controller and the data processor. The data controller is the one that manages how the data will be used, and the data processor is the one that is actually processing or using that data. It’s very often the data controller that provides instructions to the data processor on how that data should be used.
For example, a data controller might be someone like your payroll department, and a data processor may be someone like a payroll company. The payroll department is certainly responsible for making sure that everyone gets paid. They provide instructions to the data processor, or the payroll company, on how that payroll process should occur. As the data processor, the payroll company will have access to user information and bank details and will be able to process that weekly payroll.
And there’s very often a data custodian or data steward who is assigned to certain types of data. They are responsible for the security of that data and making sure that the data is both accurate and private. The data custodian or data steward is responsible for making sure that the organization is in compliance with any laws or regulations associated with that data. They may also be responsible for assigning sensitivity labels to the data and then associating those sensitivity labels with access control so that users can get to the data that they need. This is often the person who will be responsible for determining what particular user has access to exactly what type of data.