Data Controller

A data controller is a person or entity that determines how and why personal data is processed. They are responsible for the lawfulness of the processing, protecting the data, and respecting the data subject's rights.

Some of the responsibilities of a data controller include:

Deciding how to collect, store, use, alter, and disclose personal data

Providing information to data subjects

Ensuring there is a legitimate basis for processing activities

Giving effect to data subjects' rights under the GDPR

Ensuring that there is appropriate security for data processed

A data controller can be a legal person, such as a business, public authority, agency, or other body. In some cases, EU or Member State law may determine the controller and the purposes and means of processing personal data.

A data controller may delegate the processing to another party, called the data processor. For example, if a gym hires a printing company to produce invitations for a promotional event, the gym controls the personal information, and the printing company is the data processor.