
Ask HN: GDPR for CMS SaaS app? - going_to_800
Let&#x27;s say you have a SaaS where your customers can create mini-websites which have sign up pages, members area, etc.<p>MY question, what is the SaaS for the data of those users who sign up on the customers&#x27; &quot;mini-portals&quot;?<p>Is it a processor or a controller? The SaaS customer can customize pages, send emails etc...so it looks like the controller is the customer and the SaaS is just the processor, but after talking with some lawyers I&#x27;m not so sure about that.<p>What do you think?
======
smel
Both I think you're responsible for your scope and also customers if they have
access to APIs or export feeds.

Any data about final users should be available and controlled via consentement
mgt ui

------
termsfeed
This ICO guide can help know the difference between the data controller and
the data processor:

[https://ico.org.uk/media/for-
organisations/documents/1546/da...](https://ico.org.uk/media/for-
organisations/documents/1546/data-controllers-and-data-processors-dp-
guidance.pdf)

