The role of Data Controller is to ensure compliance with the requirements of The Data Protection Act 1998 (The DPA).
The DPA defines data controller as a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. (S1.910).
‘Person’ in this context means a ‘legal person’ and comprises individuals as well as organisations.
The DPA provides that it is the duty of a data controller to comply with the Data Protection Principles relation to all personal data with respect to which he is the data controller. (s.4(4)).
If a person, either individually or together with another, decides the purpose for which the personal data is to be processed then they are the Data Controller regardless of what is written on their office door.
It can be appreciated that the Data Controller takes on considerable responsibility and those who perform the role should exercise a degree of control over all the procedures with regards to processing personal data. They should ensure:
The data is kept secure,
It is only used for the specific purposes allowed,
That the rights of the individual are serviced.
‘Secure’ does not only mean to stop those outside the company from gaining access to it but also those within it who have no right to.
‘Purposes’ can depend to a great extent on what the individual person to whom the data relates has agreed to.
If an individual so requests the Data Controller must tell them if their personal data is being processed by or on behalf of the company. They must be given a description of any personal data, the purpose for which they are being processed, and those to whom they are or may be disclosed.
The individual is also entitled to be informed of all the information which forms any such personal data.
Data Controller has a vital function in any company involved in email marketing. Performed correctly it will foster trust between company and customers.