The Differences Between Data Controller and Data Processor - LGPD

The Differences Between Data Controller and Data Processor - LGPD

7 months ago
João Bruno Soares
5 minutes

Now that we have the data flow within your company, we need to highlight 2 aspects of LGPD that will help you determine the extent of your responsibility in relation to the many points listed in the company. I'm talking about the difference between Data Controller and Data Processor.

How to determine the differences between the parties?

A simple example would be the roles between a company and its marketing agency. In this case, the company would be the data controller and the agency the data processor because their functions are distinct in the chain of services and responsibilities.

Always put yourself in the Data Subject's position.

For example, when the Data Subject goes to an e-commerce website to purchase a product, from their perspective, who are they entrusting their personal data to in order to make that purchase?

Can they know if the agency receives the lead and then enters it into the email marketing tool? No. Therefore, the e-commerce website becomes the data controller and the agency becomes the data processor. Each has their own role under the law, but all are co-responsible, in their respective functions, for the proper handling of the data of the Data Subjects.

Therefore, in your data mapping that we mentioned a few lines back, what is your role: data controller or data processor? Or, depending on your business model, both depending on the stage?

It is important for you to highlight this because, just as your responsibilities differ based on the role you perform, the way you handle a request for data deletion or data download is different. You may have the data on hand and the capability to deliver it to the Data Subjects.

However, it may also happen that you can only refer this power to the data controller, after all, you are just a link in the chain and do not have direct access to the data, but to some encryption that only provides you with anonymized visualization.

More Examples of Data Controller and Data Processor - LGPD

Other common examples where there are different roles but clear co-responsibility for the data and its use include:

Company <> Third-party Accounting Firm. Real Estate Company <> Third-party Brokers. Investment Fund <> Independent Agents. E-commerce Website <>Logistics companies and delivery services. Law firms <> Customer and employee qualification data.

In conclusion, it is clear the importance of an accurate listing of all data controllers and data processors within your company's data mapping. With this information in hand, it is advisable to link all parties involved in the process according to your privacy policy and terms of use.

In the future, we can discuss the obligations prescribed by the law.

However, you can also consult directly with your lawyer, especially if you have any legislation that supersedes the LGPD.

In our next article, we delve into the responsibilities of the Data Protection Officer or Data Controller. See you there.


Controller and Operator
Data Protection Officer - DPO

Related posts

Adopt post

What are Terms of Use and their importance for the LGPD?

Ignoring Terms of Use and their significance within a website, particularly now with LGPD, is a common mistake that both consumers and website owners frequently commit.

Adopt post

Outsourcing the DPO (DPOaaS), Is It a Good Idea?

The Data Protection Officer, or DPO, is a new position that emerged all over the globe with the new privacy regulations, and more recently at the LGPD. Although it already existed in other international legislations, such as the EU's GDPR, it is still a novelty here since 2020. Along with it comes the possibility of outsourcing, known as DPO as a Service (DPOaaS).

Adopt post

Data Protection Officer and LGPD, a Solitary or Teamwork Job?

How do you deal with a profession that didn't even exist a few years ago and is now mandatory in companies? That's precisely the question that arises when we think of the figure of the Data Protection Officer or DPO.

Adopt post

Why Give Consent on Every Website I Visit?

Have you ever noticed that every time you sign up for a service to access information or register on a website for purchases, you need to give consent? If you're wondering why you have to give consent on every website you visit, you'll find the answer here.

Adopt post

Understand the meaning of the LGPD for your company

Surely you've already seen the predictions of fines and sanctions, processes. But, what does it mean to your company?

Adopt post

10 Marketing Processes You Should Rethink under the LGPD!

In the end, our goal has never been to predict doom for companies or to be part of the LGPD's Apocalypse Cavalry. But, since we've been in the market for some time, these kinds of issues always catch our attention when we start data mapping and having conversations with colleagues.

Adopt post

Best practices in tag categorization

It's time to talk about one of the most impactful tasks, both for the company and for the visitors of your websites: tag categorization. But why is it so impactful? What is the relevance of this configuration and how can it affect us? It is precisely because of these common questions we receive from our clients that we have written this article on best practices in tag categorization.

Adopt post

What is the difference between cookies, local storage, and session storage?

Despite cookies being more well-known, what is the main difference between cookies and session storage and local storage? Why choose one over the other? This article will help you with these doubts!

Adopt post

GDPR, LGPD, and CCPA: What Are These Laws, Similarities, and Differences

LGPD, GDPR, and CCPA are data privacy regulations. In this article, we discuss their similarities and differences for practical application.

Adopt post

Data Mapping or Data Inventory - a life jacket for the DPO!

With the data mapping we have a clear understanding of the 5 stages that every data goes through in a company.

Adopt post

What is a privacy policy?

While it's not exactly breaking news, discussions about privacy policies have been popping up more frequently since the start of GDPR in Europe. And despite it seeming coincidental, it's not!

Adopt post

Responsibilities of a data protection officer.

Drawing an analogy from the world of soccer, we can think of the DPO as the "midfielder" of the team, responsible for connecting the defense and the attack.

Adopt post

ROPA in LGPD? Get to Know the Records of Processing Activities.

Brazilian LGPD - General Data Protection Law brought with it several acronyms and specific terms. Many of them are imported from other countries and regulations. One of them is ROPA (Record Of Processing Activities), adapted in Brazil to Registros das Atividades de Tratamento. An essential document for any DPO, Data Processor.

Adopt post

Understand the legal bases of the LGPD

At the beginning of everything are the legal bases of the LGPD, that is, the legal grounds (legitimate reasons) why companies not only can, but must access customer data in order to do their jobs well.

Adopt post

Why are cookie banners everywhere?

Want to understand why there are cookie banners on every website you visit today? This article is for you!

Adopt post

How to delete cookies and cache in Chrome and other browsers?

Tired of the ads from that site you visited following you around? Is your computer running slow when accessing a particular website? Want to delete all cookies from a specific service or site?

Adopt post

LGPD and Cookies all do you need to know?

In this article, you will have a great introduction to the topic, as well as various other variations that revolve around the subject: Cookies and LGPD.

Adopt post

Fines in LGPD - What are they, amounts, and compliance deadlines

In this article, we will answer all your questions regarding fines under the LGPD (Brazil's General Data Protection Law).

Adopt post

Key Differences between LGPD and GDPR and the Impact on Internet Cookies

While both regulations share the goal of safeguarding individuals' rights regarding the processing of their personal data, there are some important differences between them. It is crucial to understand these distinctions and their implications, particularly in the context of internet cookies.

Adopt post

How to choose a Cookie Banner for your website

What are the criteria for this choice, and what are the strengths and weaknesses of each option? Well, we're here to help you because this decision needs to be well thought out!

Address: 7345 W Sand Lake Road, Ste 210 Office 5898 Orlando, FL 32819
EIN: 86-3965064
Phone: +1 (407) 768-3792



Legal Terms

© GO ADOPT, LLC since 2020 • Made by people who love