A Controller is a party that determines which Personal Data is processed and for what purpose, how long these data are kept in the archive, where the data are stored, and how the data are cleansed and/or cleaned up/deleted.
The Controller also needs to arrange for the Data Subject, the owner of the Personal Data, to be able to view, edit, or ask for the deletion of the data. When a Processor is engaged, the Controller is responsible for initiating and enforcing a Processing Agreement.
The PNO Controller role can apply to Advice – Management support for clients under the banner of shared responsibility, to the Compliance service by ffiqs certified by ISO 27001, to delivering a SaaS service (to be worked on in 2020/2021), or as a Beneficiary EU consortium. Click on the links in this paragraph for a ‘GDPR road map’.
The Processing Agreement, Privacy Statement, Disclaimer, Netiquette, Cookie Policy, and General Terms & Conditions are standard PNO binding texts explaining legalities. They are available in English as standard, and some are translated into/adapted to ‘PNO-country-languages/law’. Click for a complete overview here.
PNO is 100% transparent on Personal Data processing: it lists the data at hand and the procedures for Data Subjects to exercise their rights, and it mentions the (sub-)Processors or third parties involved.