Controller, Processor, Data Subject & Data Protection Officer – definitions
Controller (or administrator) – a natural or legal person that uses the data to achieve business goals.
In our case, it is usually the application owner.
Data processor – a natural or legal person that processes the data on behalf of a controller.
For example, third-party services like Google, Amazon, Fabric, HockeyApp and so on are all data processors. Sometimes collaborating or outsourced development companies may also be considered data processors.
Data subject – a natural person whose data is processed. Basically, in our case, it is an app user.
Data protection officer – a natural person designated by the controller or processor to help them and their users with GDPR compliance. This is only required if the amount of processed personal data is significant and/or such data is sensitive.
GDPR Penalties
The controller and processor are subject to administrative fines if they infringe the provisions laid out in the GDPR, even if the infringement is not intentional. There are two fine tiers.
a) Up to 10,000,000 EUR or up to 2 % of the annual turnover of the preceding year (whichever is higher) – for the controller, processor, monitoring body and certification body who infringe their obligations.
Let’s explain a few definitions used in the GDPR world