What is a data controller according to GDPR?

A data controller is a person, public authority, or agency that determines the purposes and means of the processing of personal data. The data controller decides the purpose for which personal data is processed and what personal data is necessary to fulfil that purpose.

For example, if you are a small business store that collects personal data for shipping products (purpose) to customers in the EU, you are the data controller. If you use a third-party company to ship your products, then that business is a data processor.

The controller should have a lawful basis for processing personal data, such as the consent of the data subject or legitimate interest. Controllers are also responsible for ensuring that the processing is lawful, fair, and transparent and should implement appropriate technical and organizational measures to protect personal data from unauthorized access, use, or disclosure.

Start your compliance right away

14-day free trialCancel anytime

Get started for free

View plans

What is a data controller according to GDPR?

See also

Start your compliance right away

Get Started

Products

Solutions

Resources

Free Tools

Compare

Company

PartnersJoin us!

Legal

What is a data controller according to GDPR?

Related articles

See also

Start your compliance right away