GDPR applies to all organisations and individuals who work with personal data. Under GDPR, a ‘DataSubject’ is a natural person whose data is to be protected. Further, GDPR identifies two categories of data users. The two categories are ‘Data Controllers’ and ‘Data Processors’. A data controller states how and why personal data is processed. A data processor is the party doing the actual processing of some or all of the data on behalf of a data controller. dōTERRA has identified itself as a data controller. In addition, dōTERRA has also identified its Wellness Advocates as
data controllers. Accordingly, dōTERRA is updating its Wellness Advocate Agreements and Policy Manuals across Europe to contract with its Wellness Advocates as data controllers as well as define their relationship to dōTERRA as data controllers.