Skip to content

Glossary definition: Data Controller

Data Controller: Data Protection & Privacy

A data controller is a person or organization who is responsible for determining the purposes for which and the manner in which any personal data is processed. A data controller must comply with the data protection principles set out in the General Data Protection Regulation (GDPR) which includes ensuring that personal data is: processed lawfully, fairly and in a transparent manner; collected for specified, explicit and legitimate purposes; accurate and kept up to date; kept for no longer than is necessary; and kept securely. Data controllers must also ensure that individuals whose personal data is being processed are provided with information about how their data is being used, and must have appropriate measures in place to protect against unauthorized or unlawful processing, accidental loss or destruction of, or damage to, personal data.