GRC Data roles and responsibilities

Last updated 2:18 AM on 5/15/26
7 Terms

1

Data Owner

Usually a high-level executive (e.g., VP of Sales, Treasurer) who is legally responsible for a data set, including classifying it and deciding who has access.

2

Data Custodian

A custodian turns security policies into action by setting permissions on a file share, configuring SQL firewalls, or running backups.

3

Data Processor

Acts on behalf of the Data Controller to handle, store, or process the data (e.g., a third-party payroll provider).

4

Data Controller vs. Processor

Data Controller: Determines the "Why" and "How" (the purpose and means)

5

Data Controller

Defines how and why data is collected and used (e.g., the HR department managing employee records).

6

Data Steward

A steward ensures that data is properly labeled and that privacy rules (e.g., GDPR) are applied to the business logic of the data.

Difference from Custodian: Stewards focus on data content and business rules, while Custodians focus on technical systems and storage.

7

Privacy Officer / DPO (Data Protection Officer)

A mandatory position in many organizations responsible for ensuring compliance with regulations like GDPR or HIPAA.