Accordingly, as a customer and data controller, you are in principle responsible for complying with obligations arising from the relevant data protection legislation that require the verification or analysis of the data. For these reasons, our DPA and DSG are formulated to help our customers meet their regulatory requirements, while reflecting the operational reality of the cloud-based services we offer. 3. What are the audit rights of customers as data controllers? 2. How does ServiceNow help customers respect the rights of the data concerned? As compliance is a shared responsibility, we are committed to helping you comply with the GDPR.