Businesses collect, use and store personal data. It’s unavoidable. An email address, phone number, birthdate, postal address – these are all personal data that allow someone to identify or contact an individual. Other information is far more sensitive, such as health information, religious preference, political beliefs, race or ethnic origin, sexual preference, and financial details.

The European Union’s General Data Protection Regulation (GDPR) classifies businesses that hold personal data as controllers or processors. The GDPR applies directly to both controllers and processors, but in different ways. This podcast explores the meaning of controller and processor and how cross-border businesses can meet the differing requirements imposed by the GDPR.