Data Controller
In Simple Terms
The person or organization that decides why and how personal data is processed.
Formal Legal Definition
As defined in Article 4(7) GDPR, the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Practical Example
A law firm that collects client information to provide legal services is the data controller — it decides what data to collect, why, and how to use it.
Difference from Related Terms
A Data Controller decides the 'why' and 'how' of processing, while a Data Processor only processes data on behalf of and under instructions from the Controller.
Why It Matters
Data Controllers bear primary responsibility for GDPR compliance, including data protection impact assessments, breach notifications, and responding to data subject requests.
Related Terms
How snowLEX helps with Data Controller
snowLEX helps you determine whether your organization acts as a controller or processor in specific scenarios, and explains the corresponding obligations.
Try snowLEX Free