• Data owners - Decides what to delete.
• Data Controller - Answers the question, “does policy and government regulations let us delete this?”
• Data Processor - Sets the access control permissions on who can delete this.
• Custodians - Makes sure that when the idiots above delete the wrong thing, we have backups.

In some organizations, one person may wear multiple hats. In most organizations, people fail to understand that IT is not the Data Owner.

It means too many people have my damn data.

Isn’t the right hand side of your image pretty self explanatory?