GDPR Glossary

What is Data controller?

GDPR Glossary Also known as: controller

The organisation or person that decides why and how personal data is processed — and carries primary responsibility under the GDPR.

A data controller is the entity that determines the purposes and means of processing personal data — in plain terms, the 'why' and the 'how'. Most businesses are controllers for the customer and employee data they decide to collect and use.

The controller carries the primary legal responsibility for GDPR compliance: choosing a lawful basis, honouring data-subject rights, keeping data secure, and being able to demonstrate accountability.

In the Regulation

Related terms

Need this applied to your business?

Our data-protection lawyers turn GDPR terms into a working plan.

Get advice