Data controller is the person or a company who defines the purpose, means and conditions of how personal data is being processed. Data processor processes personal data on behalf of the data controller and is usually external entity from the data controller’s company.
Records of processing activities in GDPR Article 30
What are the records of processing activities (ROPA)? Article 30 of the EU General Data Protection Regulation (GDPR) requires organisations to maintain internal records, which