An organisation that makes decisions about personal data is called a Data Controller.
Definition of a Data Controller
A Data Controller is the entity that determines the purposes, conditions, and means of processing personal data. This entity can be an individual, company, government agency, or any other body that makes material decisions about how and why personal data is processed. The Data Controller sets the purposes and decides which personal data to collect, how long to retain it, and the methods of processing.
Responsibilities
The Data Controller is responsible for ensuring that data processing is lawful, fair, and transparent. It must ensure data is collected for specific, legitimate purposes and that only necessary, accurate, and up-to-date personal data is processed. Controllers must meet legal obligations such as implementing appropriate technical and organizational measures, maintaining records of processing activities, and ensuring compliance with data protection laws such as GDPR.
Contrast with Data Processor
Unlike a Data Processor, who processes personal data on behalf of the controller and follows the controller's instructions, the Data Controller exercises full control over decisions involving the data. The processor acts as a service provider without owning decision authority over the data.
In summary, the organisation making decisions about personal data is known as a Data Controller.
