Home Conundrum Explication Outcome Prof Services Contact Us

Beyond Reasonable Doubt

Identity Processor

As an Identity (data) Processor acting on behalf of an Identity Controller it is important to act only on the Controller’s instructions and have no further purpose for processing Identity data.

Many organisations, as ‘controllers’, outsource their information processing to specialist 3rd party providers which GDPR refers to as a ‘processor’. A controller trusts the processor to act only on documented instructions and is responsible for processing personal data (PPID) on behalf of a controller. The GDPR places specific legal obligations on a processor; for example, maintain accurate records of personal data and processing activities, and will have legal liability if responsible for a breach.

So why is this important…?

Article 5(1)(f) of the GDPR concerns the ‘integrity and confidentiality’ of personal data (PPID). Personal Data (PPID) shall be:

“Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures”.

Objectsofts’ regulatory business process (e-ntitle.®) enables organisations who wish to process personal data (PPID) to become GDPR-compliant in both roles of ‘controller’ and / or ‘processor’. e-ntitle.® is an IdMaaS (ID Management As A Service) optimised so that the burden of compliance is minimised without compromising compliance. In addition, GDPR provides Identity Owners of PPID (data subjects) with the right of access to their personal data (PPID) and as ‘rights of the individual’ is quite an extensive area (GDPR, Articles 12 to 23), please see our separate ‘Identity Owner’ section for further detail on e-ntitle.® and how it serves the individual rights of identity owners.