Data Controller

A data controller is the person or organisation that determines the purposes and means of processing personal data. Under UK GDPR, data controllers must register with the ICO (unless exempt), implement appropriate technical and organisational measures to protect data, and ensure individuals can exercise their data rights. Data processors (acting on a controller's instructions) have separate but related obligations.

Official guidance

Related terms

General Data Protection Regulation

Back to glossary