Controller vs Processor
Who's responsible for what when using construction cameras? GDPR defines clear roles: you're the controller, we're the processor.
Data Controller
You (the construction company or camera operator)
- Decide why cameras are used and how data is processed
- Ensure lawful basis for processing (legitimate interests)
- Inform data subjects (signage, notices)
- Handle data subject requests (access, deletion)
- Select appropriate processors and ensure they comply
Data Processor
Builder.Cam (the camera service provider)
- Process data only on controller's instructions
- Implement appropriate security measures
- Assist controller with compliance obligations
- Maintain records of processing activities
- Not share data except as instructed by controller
In Practice
You make the decisions: enable face blurring, define privacy zones, decide who gets access, set retention periods. We execute those decisions: store photos securely, apply the settings you choose, deliver the service. This clear division is exactly what GDPR expects.
Frequently Asked Questions
Am I the controller even though Builder.Cam owns the cameras?
Yes. You decide to use cameras and determine the purposes (documentation, progress, security). Equipment ownership doesn't determine GDPR roles. You're the controller because you make decisions about the processing.
What is Builder.Cam responsible for?
As processor, Builder.Cam is responsible for: secure storage and transmission of photos, implementing the features you select (face blurring, privacy zones), assisting with data subject requests when applicable, and maintaining appropriate security. We process data according to your instructions.
Do I need a data processing agreement?
Yes. GDPR requires a contract between controller and processor. Builder.Cam provides a Data Processing Agreement (DPA) as part of service terms. This documents our respective responsibilities.
What if someone asks to see their data?
As controller, you handle data subject requests. With face blurring enabled, most requests are moot—individuals aren't identifiable. For requests that do apply, you would review what data exists and respond. We can assist with data exports if needed.
What if there's a data breach?
Builder.Cam notifies you promptly of any breach affecting your data. As controller, you then assess and handle any required notifications to authorities or data subjects. With face blurring, most breach impacts are minimal since data isn't personally identifying.
Related Topics
Clear Roles, Clear Compliance
We handle the technical security; you make the decisions. Simple.
