


Consumer Rights to Access, Correct, and Delete Data: A Processor’s Role

This document focuses on what processors can (and cannot) do in helping controllers respond to consumer rights requests. It explains that processors play an assisting role and should not be obligated to respond directly to consumer requests to access, correct, and delete their personal data. Instead, the processor should help the controller when those requests seek data held by the processor.

The document also addresses what that assistance should look like. It explains that a processor can fulfill its obligation to assist the controller by creating a tool the controller can use to execute consumer requests itself, rather than requiring the processor to respond 1:1 to requests from the controller.




Related: The Global Standard: Distinguishing Between Controllers and Processors in Privacy Legislation
Controller and Processors: A Longstanding Distinction in Privacy
The Global Standard: Distinguishing Between Controllers and Processors in State Privacy Legislation

