Data Controller

A Data Controller is an entity that determines the purposes and means of processing personal data. The Data Controller decides why personal data is collected and how it will be processed, and holds primary responsibility for ensuring compliance with data protection obligations.

Regulatory Definitions
  • GDPR (Article 4(7)): 'The natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.' Under GDPR, Data Controllers bear the primary burden of accountability and must implement data protection by design, conduct Data Protection Impact Assessments, and respond to data subject rights requests.