Data controller and its responsibilities
Data obtained through a Findata data permit is in practice almost always personal data. It constitutes a personal data register, which must have a designated data controller.
What is a data controller?
A data controller is a person or organisation that determines the purposes and means of processing personal data.
In scientific research, the data controller is usually a research organisation, such as a university or research institute.
For Findata data permits, the data controller is most often the same party as the permit applicant.
Responsibilities of the data controller
Lawful processing
The data controller ensures that personal data are processed in compliance with legal requirements and data protection principles.
Research planning
The data controller prepares the research plan, defines the research questions, and plans the lifecycle of data processing.
Data subjects’ rights
The data controller ensures that the rights of data subjects are respected.
The processing of personal data includes activities such as collection, analysis, storage, retention, disclosure, and erasure.
Data controller or data processor?
Data controller
determines the purposes and means of processing personal data.
Data processor
processes data on behalf of the data controller according to its instructions and does not decide on the processing itself.
The responsibility for compliance and the rights of data subjects always remains with the data controller.