A data controller is the entity that decides why and how personal data will be processed. It matters because privacy accountability depends on knowing who actually determines the purpose and means of processing.
What Is a Data Controller?
Controllers define the processing objectives, choose vendors, decide retention logic, and bear significant governance obligations for the resulting data use. They are distinct from entities that merely process on instruction.
What the Data Controller Role Commonly Supports
Common uses include contract design, privacy notices, processor management, incident accountability, and rights-response responsibilities.
Data Controller vs. Data Processor
A controller determines purposes and means. A processor typically handles data on behalf of the controller under instructions.
Frequently Asked Questions
Why is controller status important?
Because it determines who carries primary responsibility for many privacy obligations and decisions.
Can an organization be both controller and processor?
Yes. It can play different roles in different processing contexts.