An organisation which makes decisions about personal data is called a data controller.

Quick definition

A data controller is the individual or organisation that decides why personal data is collected and how it is processed. This includes choosing what information to gather, what systems to use, who to share it with, and how long to keep it.

How it differs from a processor

  • A data controller decides the purposes and means of processing personal data.
  • A data processor follows the controller’s instructions and processes data on its behalf, without making the key decisions.

Simple example

  • A company that decides to collect customer emails for marketing and chooses the software and rules for using them is acting as the data controller.
  • An external email-marketing platform that just sends the emails according to the company’s instructions is a data processor.

Information gathered from public forums or data available on the internet and portrayed here.