Skip to Content
Building Effective Privacy Programs
book

Building Effective Privacy Programs

by Jason Edwards, Griffin Weaver
August 2025
Intermediate to advanced
448 pages
23h 26m
English
Wiley
Content preview from Building Effective Privacy Programs

Chapter 4Roles and Relationships

The success of any privacy program hinges on a clear understanding of the roles and relationships that govern the collection, processing, and protection of personal data. These roles—defined by regulations like the General Data Protection Regulation (GDPR) and mirrored in other privacy frameworks—establish the foundation for accountability and compliance. At the core of this structure is the data controller, who decides how and why data is processed, and the data processor, who acts on the controller’s behalf. Beyond these primary roles, relationships include subprocessors, joint controllers, and cross-border collaborations, creating a complex network of responsibilities.

Navigating these roles is essential for regulatory compliance and building trust with data subjects and stakeholders. Each role carries specific legal obligations, from safeguarding personal data to upholding data subject rights. Missteps in defining these responsibilities can lead to confusion, gaps in accountability, and significant legal or reputational risks. By understanding and formalizing these roles, organizations can ensure that personal data is managed ethically and securely across the data lifecycle.

The relationships between controllers, processors, and subprocessors often extend across organizational and geographic boundaries, adding layers of complexity (see Figure 4.1). Subprocessors, for instance, are increasingly relied upon to handle specialized tasks like ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

AirBnbBlueOriginElectronic ArtsHomeDepotNasdaqRakutenTata Consultancy Services

QuotationMarkO’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
QuotationMarkI wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
QuotationMarkI’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
QuotationMarkI'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Mark W.
Embedded Software Engineer

You might also like

Information Security and Privacy Quick Reference

Information Security and Privacy Quick Reference

Mike Chapple, Joe Shelley, James Michael Stewart
Building a Cyber Risk Management Program

Building a Cyber Risk Management Program

Brian Allen, Brandon Bapst, Terry Allan Hicks
Defensive Security Handbook, 2nd Edition

Defensive Security Handbook, 2nd Edition

Lee Brotherston, Amanda Berlin, William F. Reyor

Publisher Resources

ISBN: 9781394342631