The Data controller establishes the needs for which and the signifies by which particular information is processed. PCI compliance is split into 4 concentrations, depending on the once-a-year range of credit or debit card transactions a business procedures. The classification stage decides what an business must do to remain compliant. https://www.nathanlabsadvisory.com/blog/category/nathan/page/5/