Data Controller

Who is it?

Definition

Article 4(7) of the General Data Protection Regulation (GDPR).

I run a company, am I the data controller? Yes! The data controller can be a legal person (company, public authority) or a natural person.

Joint controllers

Where two or more controllers jointly determine the purposes and means of the processing, they are joint controllers.

Joint controllers define their respective obligations in a transparent manner in order to ensure compliance with the requirements of the GDPR, in particular as regards the exercise of the rights of the data subject.

Processor

The processor is the natural or legal person who processes personal data on behalf of the controller.

The processor acts only on the instructions of the controller and on behalf of the latter. The relationship between the controller and its processor must be strictly framed and be the subject of a contract or an amendment to the existing contract.

Practical classification

  • You are the controller when you determine the purposes and means of the processing on the basis of a precise legal basis;
  • You are the controller when you determine the purposes and means of the processing on the basis of an implicit authorization;
  • You are the controller when you determine the purposes and means of the processing in practice;
  • You are a joint controller when you jointly determine the purposes and means of the processing with another controller;
  • You are a joint controller when you jointly determine certain essential purposes with another controller;
  • You are a processor when you have no control over the purposes and means of the processing entrusted to you.