A controller is a party that determines what Personal Data is processed for what, how long these data are kept on the archive, where data are stored, and how data are cleansed and/or clean up/deleted.
Also, the Controller needs to organize for the Data Subject – the owner of the Personal Data – to be able to view/edit/ask for the deletion of the data. When a Processor is engaged, the Controller is responsible for initiating and enforcing a Processing Agreement.
The PNO Controller role can be on Advice – Management support for clients under the banner of shared responsibility, on Compliance service by ffiqs certified by ISO 27001, delivering a SaaS service (will be worked on in 2020 / 2021) or as a Beneficiary EU consortium. Click on the links in this paragraph for a ‘GDPR road map’.