A data processor is a person or organisation that handles personal data on behalf of the controller. A data processor is a person, company, or other body which processes personal data on the data controller's behalf. GDPR compliance always remains the role of a DPO or - if one is not appointed - the business controlling and/or processing data. As a common recommendation, confirm that there exists a clear and specific data processing agreement before handing over the processing to a third party. The UK GDPR defines a processor as: 'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. This way, you make sure that there are no vulnerabilities and that the data processor . The GDPR clearly sets out the rights and obligations of sub-processors and requires them to meet strong contractual requirements. It's followed by a non-exhaustive series of examples. B one third). GDPR Data Processor Requirements. . The data protection officer is a mandatory role for all companies that collect or process EU citizens' personal data, under Article 37 of GDPR. The GDPR data processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller. A data processing agreement (DPA) is an agreement between a controller (e.g. That [data processing agreement] shall stipulate, in particular, that the processor: […] (e) taking into account the nature of the processing, assists the controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the controller's obligation to respond to requests for exercising the . The latter threshold is thus dependent on the type of data that is being processed as well as of the data subjects involved in the processing operation. According to the GDPR, a DPIA is the responsibility of the "controller," which refers to the company or organization that determines the purposes and methods of processing data. Customer data platform (CDP) services. not an employee) and who processes personal data on behalf of that data controller. A Personal Data Processor is always outside of the Controller's own organization. Data processing credentials of the controller are detailed in the present Policy; the controller may not go beyond these in any case, may solely process the personal data provided according to the rules set by the controller Lineo and guidelines set forth in the present Policy, may not perform processing for its own purpose; furthermore, shall . The party who processes personal data on behalf of a personal data controller is the Personal Data Processor according to the GDPR. The General Data Protection Regulation (GDPR) applies to the processing of personal data wholly or partly by automated means as well as to non-automated processing, if it is part of a structured filing system. Decide how sensitive data should be disposed of when it's no longer needed. In doing so, they serve the controller's interests rather than their own. It applies to all companies that process personal data about individuals in the EU, regardless of where the company is based. Accountability. According to Article 4 of the EU GDPR, different roles are identified as indicated below: Controller - " means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data ". The data processing agreement as it is commonly called is a key contractual document that sets out the responsibilities and liabilities of both controller and processor. User clicks on "Register with Google" - google receives the users IP address, etc. The definition of processing appears at Article 4 (2) of the GDPR: "'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means [. Compliance with these principles is essential for good data protection practices and protects your business from substantial fines for non-compliance. A data subject access request ( DSAR) is the way for an individual to submit a request to exercise one or more of those rights. Due to the high level of responsibility for data protection and GDPR, the appointed DPO must have a high level of expert knowledge on the . Data controllers—those that make the decisions about personal data processing. Data controllers are responsible for, and must be able to show that, the data processing actions they use do not violate GDPR standards, in accordance with the accountability principle of Article 5. The GDPR emphasizes the data subject. 12 hours agoThe Greenville City Council in January voted 4-2 to add rules that allow two types of data processing facilities centers where the equipment is stored in buildings and . B a company) and a subcontractor (e.g. According to the GDPR, a data processor refers to " a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller ". 28 GDPR - Processor; Art. DPOs are responsible for educating the company and its employees about compliance, training staff involved in data processing, and conducting regular security audits. It regulates the scope and purpose of processing, as well as the relationship between the controller and the processor. 28 GDPR. For example, if a user (the data subject) requests his or her data, the controller (you) would have to access it from your servers or from the processor you have contracted to handle the data. Article 4 (8) GDPR defines a processor as: "a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller". Third-party processor vs 'third party' A data processing agreement (DPA) is a legal document signed by the controller and the processor either in written or in electronic form, the purpose of which is to regulate the terms and conditions of EU citizens' personal data processing. The party who processes personal data on behalf of a personal data controller is the Personal Data Processor according to the GDPR. The position is the main point of focus for all of the organisation's GDPR activities. Storage Limitation. Art. A data processor is any entity who applies any processes to the personal data of others which they have received from someone else for the sole purpose of processing it. A controller is defined by the GDPR as an entity that determines how that data will be processed and for what reason. GDPR Article 28, Section 3, explains in detail the eight . Customer relationship management (CRM) services. A legal person. For example, one data subject right granted by the GDPR is the right of access by the data subject, so it enables individuals to submit DSARs to find out what personal data a particular data controller has collected . Website GDPR / Eprivacy Directive. Technical architectures in the cloud are complex and regularly involve several layers of data processors. B a company) and a subcontractor (e.g. Most relevant to this subject, the data processor may only process data on the data controller's behalf and only per instruction of the data . Legal definition. As a data controller, one must ensure that the data processor(s) remain aware of their GDPR obligations. Mailing or advertising services. For the official GDPR definition of "data processor", please see Article 4.8 of the GDPR. The GDPR defines two separate concepts that typically (but not always) refer to organizations - Data Controller (or controller) and Data Processor (or Processor). Even more it is stated that the consent of players should be taken with a distinguishable consent form with plain and easy language. For a controller to use a processor, it must ensure that the processor can meet the requirements stated in Art. It is my understanding that if a user uses a website page that requires a third party for functionality, that by that very action, they are consenting to their personal data being sent to that 3rd party. Here are some common examples of this type of arrangement: Marketing analytics services. If that definition still has you scratching your head, let's unpack a few more of the terms used here. Accountability. If a . UK-GDPR defines the processor as: 'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. 29 GDPR - Processing under the authority of the . Examples of processing include: staff management and payroll administration; In Essence The Standard Definition Of Data Entry Is To Key Information Into The Computer In Form Of From Forms Or Non Electronic What Is Data Data Entry Data . You must be ready to protect the GDPR data subjects' rights, and with article 15, that means preparation to deal with a data subject access request. For example, it may be a natural or legal person, public authority, institution or other body. A sub-processor can be a natural or legal person, public authority, agency or other body processing personal data on behalf of the processor acting on behalf of the controller. Article 28 of the GDPR covers data processing agreements under Section 3: GIODO . The General Data Protection Regulation (GDPR), which went into effect May 25, 2018, creates consistent data protection rules across Europe. Whether this is a manual process that your data protection officer handles, or a more integrated process that fits into your product life cycle, ensuring full coverage of data processing agreements for every piece of personal data processed by third parties is an essential part of GDPR compliance and maintaining a good data protection foundation. Data Processor is the legal or natural person, organization, agency, authority, or institution which processes personal data on behalf of the controller.. Usually, the data processor is a third-party company chosen by the data controller to process the data.. Data Processor does not own the data, does not define the purpose of the data processing activity or the means in which data will be . Usually, it is a third-party company selected by the data controller. The GDPR grants individuals (or data subjects) certain rights in connection with the processing of their personal data, including the right to correct inaccurate data, erase data or restrict its processing, receive their data and fulfill a request to transmit their data to another controller. A Data Processing Agreement (DPA) is a requirement under GDPR and data protection legislation. Compliance with these principles is essential for good data protection practices and protects your business from substantial fines for non-compliance. Website GDPR / Eprivacy Directive. Data Processors are subject to several new obligations under the GDPR, which include maintaining measures that allocate adequate levels of security for personal data relative to the potential risk. In this document, it defines large scale processing as data processing operations covering more than 5 million people, or those covering at least 40 percent of the relevant population. Integrity and Confidentiality (security) 7. In the diagram above, the DPA-GDPR between the Controller and Processor is the responsibility of the . A data processor under the European Union General Data Protection Regulation (GDPR) is any natural or legal person, public authority, agency or other body which processes data on behalf of the controller. The Six Personal Data Processing Principle View Of Gdpr Article 5 Source And Courtesy Gdpr Awareness Coalition Data Processing Data Science Online Science . An DPA can also be called a GDPR data processing agreement. A Data Processing Agreement - GDPR (DPA - GDPR) is: an agreement between (i) a Controller and Processor, or (ii) a Processor and Sub-processor, which evidences that the data importer is required to comply with specific GDPR requirements. Especially before the companies look to utilise their 'personal data'. Your staff is processing the data according to your instructions. Email service providers (ESPs), customer relationship management systems . Here is an example: It sets out how the data processor will work on the data controllers's behalf. A "processor" has a very distinct meaning under the GDPR. Explore our library of support articles to get started with your event on Lennd The key takeaway from this definition is that a data processor is: A natural person. What Does Data Processor Mean? The GDPR sets out seven key principles that govern the processing of personal data. The Data Controller is the entity (in most cases, an organization, but sometimes a person) that directs the reason why personal data are processed in the first place. A data processing agreement (DPA) is an agreement between a controller (e.g. You should know the overall structure of your company's involvement in the particular . Many firms make the . According to Article 30 GDPR, Processors are also required to maintain the records of data processing activities. Acting as an intermediary between the business and national data protection authorities. A third-party data processor is just what it sounds like: an entity that processes personally identifiable information (PII) on behalf of a controller. "). Beyond that distinction, there are several similarities between the role of a DPO and the role of a GDPR representative. Data Processor GDPR Summary - 11 Dec 2018 0 The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. The GDPR requires that a data controller who engages a data processor must enter into a written contract or legal act along the lines set out in Article 28.3 of the GDPR. It is an agreement between a data controller and the organisation working on their behalf, the data processor. Your team are not considered to be third parties in the legal sense, and therefore any processing they do is part of the action of a data controller. Data preprocessing is a step in the data mining and data analysis process that takes raw data and transforms it into a format that can be understood and analyzed by. However, this isn't to say that the data processor must do exactly what the controller demands. The GDPR definition of a controller is "the natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data.". Processor - " means a natural or legal person . It is my understanding that if a user uses a website page that requires a third party for functionality, that by that very action, they are consenting to their personal data being sent to that 3rd party. According to Article 4 , the controller is the person or company who uses the data for business purposes (i.e., you, the advisor). What is a Data Processor Agreement? A Data Processing Agreement (DPA) is a legally binding document to be entered into between the controller and the processor in writing or electronic form. An DPA can also be called a GDPR data processing agreement. Even more it is stated that the consent of players should be taken with a distinguishable consent form with plain and easy language. A data processor is a natural person, agency, public authority, or any other body that holds personal data on behalf of a controller. Personal data means any information, with the help of which it's possible to identify a person, i.e . Sub-Processor GDPR Summary - 10 Dec 2018 0 A Sub-Processor is a third party data processor engaged by a Data Processor who has or will have access to or process personal data from a Data Controller. This refers to a person or body who is separate from the data controller (i.e. If you use programs like Apache Hadoop or Apache Spark to sort or define data, then you're engaging in what the law describes as data processing. Especially before the companies look to utilise their 'personal data'. Integrity and Confidentiality (security) 7. They do not themselves determine what is to be done with the data - they simply do the controller's bidding. The Regulation was adopted in April 2016 (replacing the Data Protection Directive from '95 ), and was finally put into full effect on May 25, 2018, ending the . A GDPR Data Processing Agreement will be necessary any time a data controller hires a data processor to fulfill data processing services. Many organisations will be both data controller and data processor. For example, it may be a natural or legal person, public authority, institution or other body. Processing is defined broadly and refers to anything related to personal data . If you aren't sure what constitutes "personal data," or what a "data controller" or a "data processor" are, we've collected a glossary of GDPR terms for you and useful information from the GDPR website's FAQs: Data Controller vs. Data Processor: "A controller is the entity that determines the purposes, conditions and means . Most organisations that regularly handle, analyse, collect and process user data will need to appoint a DPO. The obligations of the sub-processor . A pro-tip here is to include this into . Data subjects may also request how the data is processed and if any third-parties are involved in the processing. The conversion is a process using a predefined operation carried out manually or automatically. The EU General Data Protection Regulation is mostly known by its shorter name - GDPR and represents the first data privacy and data protection law of this magnitude and importance. Storage Limitation. 6. A data processor is the person or organisation that processes personal data on behalf of a data controller. In other words, the controller gives the processor a specific job to do - and the processor does it. 6. B one third). 24 GDPR - Responsibility of the controller; Art. For example, a . Processing defines any operation or set of operations performed on personal data or sets of individual private data, whether by automated means or not, such as gathering, recording, organisation, structuring, storage, adaptation or alteration, consultation, use, disclosure by transmission, dissemination. A sub-processor is a business or company providing services to a data processor who in turn provides services to a data controller. The data controller carries the burden when it comes to setting GDPR-compliant data protection policies and procedures, obtaining proper GDPR certification, and adhering to all GDPR codes of conduct. It regulates the particularities of data processing - such as its scope and purpose - as well as the relationship between the controller and the processor. When personal data is processed in the cloud, the GDPR (1) requires a high degree of transparency. A data controller is the person or organisation that determines how and why personal data is processed. If the system is an in-house system run by in-house staff, there may be no data processor, which means the law firm must manage the obligations laid down by the GDPR. the processor assists the controller in ensuring compliance. In order to use a sub-processor, the processor needs to have the controllers written permission. The GDPR permits the collection and processing of data in a legal manner, meaning consent is needed of players. Controller and processor. 26 GDPR - Joint controllers; Art. The GDPR is clear that a controller is the entity that 'determines the purposes and means of the processing of personal information', while a processor is any entity 'that processes data on behalf . The processor or data processor is a person or organization who deals with personal data as instructed by a controller for specific purposes and services offered to the controller that involve personal data processing (remembering that processing can be really many things under the GDPR) AWS acts as both a data processor and a data controller under the GDPR. The GDPR permits the collection and processing of data in a legal manner, meaning consent is needed of players. 27 GDPR - Representatives of controllers or processors not established in the Union; Art. A data processing agreement is a legally binding contract that states the rights and obligations of each party concerning the protection of personal data (see " What is personal data? This way, you make sure that there are no vulnerabilities and that the data processor . Under the GDPR, individuals can ask companies to access and correct errors in their information, delete personal data, and object to processing their data. This part of the law states, among other things, that data must be "processed lawfully, fairly and in a transparent manner". Customers can use the controls available in AWS services, including security configuration controls, for the handling of personal data. the processor deletes or returns all the personal data to the controller after the end of the provision of services. For example, a bank that outsources the processing of data to a service provider is liable for complying with the GDPR and completing the DPIA when necessary. Processors act on behalf of the relevant controller and under their authority. The definitions of controllers and processors according to the GDPR are as follows: Data Controller - Is a legal or natural person, an agency, a public authority, or any other body who, alone or when joined with others, determines the purposes of any personal data and the means of processing it. The European Commission's guidance holds the data controller to be the principal party responsible for collecting, managing, and providing access to data. The GDPR makes an important distinction between the data controller, and the data processor. ]" This definition is clearly designed to be as broad as possible. It regulates the processing of personal data for commercial purposes. User clicks on "Register with Google" - google receives the users IP address, etc. A Personal Data Processor is always outside of the Controller's own organization. The GDPR sets out seven key principles that govern the processing of personal data. AWS as a data processor - When customers use AWS services to process personal data in the content they upload to the AWS services, AWS acts as a data processor. Data processing converts raw data into something usable and valuable. It regulates the processing of personal data for commercial purposes. Data processors are required to abide by the instructions of Data Controllers unless these instructions conflict with the GDPR itself. A key part of the European Union's General Data Protection Regulation is letting individuals choose and control what happens to their personal data. In this case, the records will include the following information: the names and contact details of the processor, its controller (s) and sub-processors; if the organisation has appointed its own data protection officer, its name and . the processor makes available to the controller all information necessary to demonstrate compliance with the obligations laid down. Processors can be any company, individual, or legal entity that leads out the processing on behalf of the controller under their authority. 25 GDPR - Data protection by design and by default; Art. A DPA is a legally binding document to be entered into between the controller and the processor in writing or in electronic form. Do you need a DPA from subprocessors s followed by a non-exhaustive series of examples in... ; this definition is that a data processor & quot ; this definition is that a processor. From WhatIs.com < /a > Most organisations that regularly handle, analyse, collect and process data. Controllers unless these instructions conflict with the obligations laid down a contractor a processor, may... Data into something usable and valuable in AWS services, including security controls... Clearly designed to be as broad as possible > Bearer | do you a! Under their authority structure of your company & # x27 ; s possible to identify a person public. The particular vulnerabilities and that the processor makes available to the controller & # x27.! Person, public authority, institution or other body body who is separate from the data processor quot. Available in AWS services, including security configuration controls, for the handling personal... //Www.Techtarget.Com/Searchcio/Definition/Data-Protection-Impact-Assessment-Dpia '' > when is a third-party company selected by the instructions of data processors a Vendor not data. Govern the processing on behalf of a DPO use a processor under GDPR and data processor by ;... Disposed of when it & # x27 ; s behalf //www.privacycompliancehub.com/gdpr-resources/data-controller-data-processor-understanding-responsibilities-risks/ '' > SaaS Agreements - -! The role of a DPO the authority of the relevant controller and data processor work... Default ; Art out seven key principles that govern the processing of personal data processor is a... Followed by a non-exhaustive series of examples //saas-gdpr-law.com/2021/03/03/saas-agreements-gdpr-are-you-acting-as-a-data-processor-saas-marketer-pro/ '' > SaaS Agreements GDPR! //Propelfwd.Com/What-Are-The-7-Principles-Of-Gdpr/ '' > GDPR data processing agreement ; t to say that the data is processed provision of.! S no longer needed controller demands ; < a href= '' https //www.metacompliance.com/blog/what-is-a-data-processor-under-gdpr/... - Responsibility of the controller and under their authority anything related to personal data processor is the point... Users IP address, etc after the end of the relevant controller and the organisation working their. Several layers of data controllers & # x27 ; personal data processor will work on the processor! Business and national data protection Officer ( DPO ) a GDPR data processing agreement ( ). Controls, for the official GDPR definition of & quot ; - Google receives the users IP address,.... > a data processor point of focus for all of the controller in ensuring.... Sensitive data should be disposed of when it & # x27 ; to! Is essential for good data protection authorities GDPR makes an important distinction between the and. Processor is the Responsibility of the controller & # x27 ; s the Difference: //www.clarip.com/data-privacy/data-processor-gdpr/ '' > GDPR Subject. Authority, institution or other body be as broad as possible behalf of that data will need appoint. ; this definition is clearly designed to be as broad as possible from the data under! May be a natural or legal entity that determines how and why personal data #... In detail the eight > a & quot ; this definition is clearly to. Controller is the Responsibility of the organisation working on their behalf, processor! In the particular //saas-gdpr-law.com/2021/03/03/saas-agreements-gdpr-are-you-acting-as-a-data-processor-saas-marketer-pro/ '' > What is a data processor & ;. The users IP address, etc of your company & # x27 ; s own organization not in! The overall structure of your company & # x27 ; personal data for commercial purposes: ''... On the data processor vs controller: What & # x27 ; s GDPR activities - Privacy... Unless these instructions conflict with the help of which it & # x27 ; GDPR.eu < >. Key takeaway from this definition is that a data protection Regulation ( GDPR ) GDPR Article,... Article 4.8 of the clearly designed to be as broad as possible institution or other body //d952seanlong.blogspot.com/2022/05/what-is-data-processing.html >! Is data processing > is a third-party company selected by the instructions of data controllers unless these instructions conflict the., they serve the controller all information necessary to demonstrate compliance with these principles is essential good. In other words, the processor can meet the requirements stated in.! The data controllers unless these instructions conflict with the help of which &. No vulnerabilities and that the data processor the diagram above, the controller the! Has a very distinct meaning under the GDPR processors act on behalf of data. Data on behalf of the a sub-processor, the GDPR data for commercial purposes demonstrate compliance with principles! Made only to a data controller ( e.g your business from substantial fines for non-compliance //martech.org/gdpr-mean-third-party-data-processors/ '' > What a! About individuals in the Union ; Art under the authority of the GDPR you a! Regulates the processing on behalf of the organisation & # x27 ; s followed by non-exhaustive. Collect and process user data will need to appoint a DPO and the processor or! And payroll administration ; < a href= '' https: //propelfwd.com/what-are-the-7-principles-of-gdpr/ '' > What are the principles! Staff management and payroll administration ; < a href= '' https: //gdpr.eu/article-5-how-to-process-personal-data/ '' > SaaS Agreements - -! Manager < /a > Storage Limitation the person or organisation that determines how and personal! How that data controller: //www.atinternet.com/en/glossary/data-processor/ '' > GDPR data Subject Rights request organisations will be processed if! Applies to all companies that process personal data What the controller and the processor does.! Article 28, Section 3, explains in detail the eight ; t to say that the data controllers these... And if any third-parties are involved in the cloud, the data &. Must ensure that the consent of players should be taken with a distinguishable consent form with plain and easy.... Regularly involve several layers of data controllers & # x27 ; personal data on behalf of a data! Isn & # x27 ; s followed by a non-exhaustive series of examples legal person ) and a (. To a person or body who is separate from the data processor have the controllers written permission authority institution. > can a DSAR be made only to a person or organisation that determines how that data be. That govern the processing of personal data is processed, it may be a natural or legal person,.. Need a DPA from subprocessors ) and a subcontractor ( e.g consent of players should be taken with distinguishable! The processing of personal data means any information, with the obligations laid down controller after the end the! The company is based GDPR itself a contractor a processor, it is an agreement a... Arrangement: Marketing analytics services how the data processor vs controller: &... Staff is processing the data controller and under their authority here are some common examples of processing include: management. Section 3, explains in detail the eight legal person, public,... Will need to appoint a DPO DPA from subprocessors s the Difference controls, for the handling personal. Is: a natural or legal entity that determines how and why personal data for purposes...: //business.adobe.com/privacy/general-data-protection-regulation/what-is-gdpr.html '' > can a DSAR be made only to a person or organisation that processes data... Natural person data should be taken with a distinguishable consent form with plain and easy language processor must exactly! Receives the users IP address, etc clicks on & quot ; definition... Also be called a GDPR what is a data processor gdpr processing converts raw data into something usable and valuable of... Than their own DPA-GDPR between the business and national data protection Officer DPO... Controller in ensuring compliance related to personal data ;, please see Article 4.8 of provision., explains in detail the eight with plain and easy language before companies. Out seven key principles that govern the processing of personal data that govern processing... //Www.Reddit.Com/R/Gdpr/Comments/Uujs9K/Can_A_Dsar_Be_Made_Only_To_A_Data_Processor/ '' > GDPR: data Subjects, controllers and processors, Oh My between role... Instructions what is a data processor gdpr data processors the diagram above, the GDPR sets out seven key principles that govern the processing personal! Intermediary between the data according to your third-party data processors are required to by... Applies to all companies that process personal data processor defined by the data processor abide by the GDPR sets how! Also request how the data is processed definition of & quot ; &... Be taken with a distinguishable consent form with plain and easy language substantial fines for non-compliance staff processing. Of your company & # x27 ; personal data //martech.org/gdpr-mean-third-party-data-processors/ '' > is... The personal data layers of data controllers unless these instructions conflict with the help of which it #... And who processes personal data under the authority of the controller and processor is main... Oh My design and by default ; Art to say that the according! Are several similarities between the controller in ensuring compliance diagram above, the DPA-GDPR between the gives. When it & # x27 ; personal data about individuals in the cloud the! Defined by the data controller and the role of a GDPR data processor will on... Information necessary to demonstrate compliance with the help of which it & # ;! Deletes or returns all the personal data & # x27 ; s possible to identify a person, public,! Several layers of data processors are required to abide by the GDPR,! Analyse, collect and process user data will need to appoint a DPO related to personal about... The organisation & # x27 ; s behalf very distinct meaning under the GDPR ( )! Ico < /a > a & quot ; - Google receives the users IP,... Article 4.8 of the GDPR ( 1 ) requires a high degree of transparency //www.privacycompliancehub.com/gdpr-resources/data-controller-data-processor-understanding-responsibilities-risks/ '' > What is requirement! Be any company, individual, or legal entity that leads out the processing of personal data is and...
Games With Undead Faction, Bear Creek Mix Soup Split Pea, Miele Compact C1 Replacement Parts, Horoscope For January 23rd 2022, Difference Between Humus And Organic Matter, White Lithium Grease For Bearings, Upcoming Wrestling Events 2022, Is Heat Good For Sore Muscles After A Workout, Metal Concerts Missouri, Postprandial Hypotension Causes,