Page 355 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
System owners are responsible for the systems that process the data.
Business and mission owners own the processes and ensure that the
systems provide value to the organization. Data processors are often
the third-party entities that process data for an organization.
Administrators grant access to data based on guidelines provided by
the data owners. A user accesses data while performing work tasks. A
custodian has day-to-day responsibilities for protecting and storing
data.

Understand the GDPR security controls. The EU General Data
Protection Regulation (GDPR) mandates protection of privacy data.
Two key security controls mentioned in the GDPR are encryption and
pseudonymization. Pseudonymization is the process of replacing some
data elements with pseudonyms. This makes it more difficult to
identify individuals.
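
The following is an added example, not part of the study guide, showing one way to replace identifying data elements with pseudonyms. The keyed HMAC-SHA256 approach, the field names, and the sample records are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: these are the identifying fields in the constructed records below.
IDENTIFYING_FIELDS = ("name", "email")


def make_pseudonym(key: bytes, field: str, value: str) -> str:
    """Derive a stable pseudonym with HMAC-SHA256 (one possible technique)."""
    msg = f"{field}:{value.strip().lower()}".encode("utf-8")
    digest = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{field}_{digest[:16]}"


def pseudonymize(records, key, fields=IDENTIFYING_FIELDS):
    """Return (pseudonymized records, lookup table of pseudonym -> original)."""
    # The key and lookup table allow re-identification, so they must be
    # stored apart from the pseudonymized data set.
    out, lookup = [], {}
    for rec in records:
        new = dict(rec)  # copy so the input records are not modified
        for field in fields:
            if rec.get(field) is not None:
                pseudonym = make_pseudonym(key, field, str(rec[field]))
                lookup[pseudonym] = rec[field]
                new[field] = pseudonym
        out.append(new)
    return out, lookup


def reidentify(record, lookup):
    """Restore original values; only possible for a holder of the lookup table."""
    return {k: lookup.get(v, v) if isinstance(v, str) else v for k, v in record.items()}


# Constructed sample data, not from the study guide.
SAMPLE = [
    {"name": "Alice Example", "email": "alice@example.com", "diagnosis": "J45", "visits": 3},
    {"name": "Bob Example", "email": "bob@example.com", "diagnosis": "E11", "visits": 1},
    {"name": "Alice Example", "email": "alice@example.com", "diagnosis": "J45", "visits": 4},
]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # keep in a key store, separate from the data
    data, table = pseudonymize(SAMPLE, key)
    for row in data:
        print(row)
```
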

Know about security control baselines. Security control
baselines provide a listing of controls that an organization can apply as
a baseline. Not all baselines apply to all organizations. However, an
organization can apply scoping and tailoring techniques to adapt a
baseline to its needs.

