Back arrow
Cloud data security posture management
Handling Sensitive Data

Who holds resonponsibility for data security?

Data Responsibilities

The administration and security of data requires the collaborative effort of numerous stakeholders in organizations, each with their own specific responsibility.

Who is responsible for protecting data?

The administration and security of data require the cooperation of numerous individuals within an organization who have differing and complementary responsibilities. There are several titles associated with these positions, some of which partially overlap.

Data Owner: A Data Owner has full legal authority and control over all data components, and is responsible for the organization's classification, protection, usage, and quality of one or more data sets.

Data Steward: A Data Steward is a subject-matter expert who has a thorough understanding of a specific data set. In accordance with the data governance principles established by the Data Owner, the Data Steward oversees the maintenance and implementation of the classification, protection, use, and quality of that data. Data Stewards are appointed to assist Data Owners in putting data policies into action.

Data Custodian: A Data Custodian is often a person in an IT position who oversees managing the infrastructure for storage and security. Data Custodians concentrate on the "how" of data storage, and likely get day-to-day tasks from the Data Owner. They can structure or restructure a relational database system, employ middleware to support a central data warehouse, or provide workflows or schemes that demonstrate how databases are organized.

Data Subject: A person who may be identified, either directly or indirectly, by using an identifying number or one or more characteristics that are unique to their identity in terms of their physical, physiological, mental, economic, cultural, or social characteristics (e.g., telephone number, IP address).

Data Controller: The individual who, alone or with others, decides on the objectives and means of the processing of personal data. This individual may be a person, a company, a public authority, an agency, or another entity. National or community laws may identify the controller or the precise requirements for the nomination of the controller where the aims and means of processing are governed by such laws or regulations.

Data Processor: A human or legal being, governmental entity, business, or other organization that handles personal data on behalf of the controller. In some cases, an entity can be both a data controller and a data processor.


GDPR data controllers and data processors 

Cloud data security posture management

Drive secure & compliant data growth

Get a Free Risk Assesment