Data Roles and Responsibilities – SY0-601 CompTIA Security+ : 5.5

The protection and management of data is a team effort. In this video, you’ll learn about data owners, data controllers, data processors, data stewards, and data protection officers.


There are many people in an organization who are responsible for our data. Some of these people are technicians that work at the very low levels with this data, but there are also responsibilities at the management layer of the organization. For example, at a management level, you might have a data owner. This is a person in the organization who is responsible for a certain set of data.

An organization might have a vise president of sales, and that individual is responsible for all of the customer relationship data, or there might be a treasurer in charge of the financial organization for the company, and that individual is the data owner for all of those financial details.

It’s also useful to separate the individuals that process the data, from the individuals that control the data. The data controllers are responsible for the purposes and means by which the data is processed. The data processors are working on behalf of the data controllers, and sometimes this can even be a third-party.

As an example, let’s look at the payroll process within an organization. There’s probably a payroll department within your company, and they’re considered to be the data controller. Because they’re the ones that define how much people get paid, and when they get paid. But it’s very common for a company to work with a third party to actually process the payroll, and that would be a third-party payroll company. They’re considered to be the data processor.

The information regarding payroll is sent to the data processor, they will make sure that checks are mailed and that the electronic transfers occur, and they will store employee information and be able to report on text information at the end of the year.

Within your company, there is probably one or many data custodians or data stewards. This is someone who’s responsible for the accuracy of the data, for keeping all of your data private, and the security associated with the data that’s stored in your systems. This is also the user or group that will identify or set labels associated with data, so that exactly who might have access to that data.

This is also the group that keeps track of all the laws and regulations associated with data so that your organization complies with all of those rules. And they may implement the security controls for the data and determine exactly who might have access to that information.

Many companies also have a data protection officer or DPO. This is a higher-level manager who is responsible for the organization’s overall data privacy policies. This person will define exactly what the privacy policies are for your organization, they will make sure processes are in place so that all of the data remains private, and they’ll have procedures for handling data throughout the workday.