What roles are defined by GDPR?

The GDPR classifies entities as either a Data Controller, a Data Processor, or a Data Subject.

Data controllers determine how personal data is processed, while data processors process personal data on behalf of a data controller. It is possible to be both a Data Controller as well as a Data Processor. A Data Subject as anyone that has their data shared.

  • ARTA is a Data Controller for any personal data collected and shared by ARTA Users (ARTA account holders), who are Data Subjects.
  • ARTA is a Data Processor for any personal data collected on Third Parties that has been supplied by an ARTA User. In this instance, ARTA Users are the Data Controllers for that Third Party information, and the Third Party is the Data Subject.