Data Controller
The entity that determines the purposes and means of processing personal data, bearing primary responsibility for data protection compliance.
Also known as: Data Owner, Data Custodian, Controller
Category: Concepts
Tags: privacy, data-protection, compliance, accountability, regulations
Explanation
A data controller is the natural or legal person, public authority, agency, or other body that determines the purposes and means of processing personal data. Under GDPR and similar regulations, the controller bears primary responsibility for ensuring data protection compliance.
Key characteristics of a data controller:
1) Decision-making authority - determines why data is processed (the purposes) and how it is processed (the means)
2) Primary accountability - legally responsible for compliance with data protection laws
3) Can be an individual or an organization - companies, government agencies, nonprofits, or individuals
4) May act alone or jointly - joint controllers share responsibilities
Controller responsibilities include:
- Ensuring lawful basis for processing
- Implementing appropriate technical and organizational security measures
- Responding to data subject rights requests
- Maintaining records of processing activities
- Conducting Data Protection Impact Assessments when required
- Reporting data breaches to authorities within 72 hours
- Ensuring processor compliance through contracts
- Appointing a Data Protection Officer when required
Controller vs. Processor distinction:
- Controller: decides the purposes and the essential means of processing
- Processor: processes personal data only on the controller's documented instructions
- The same entity can be controller for some processing and processor for other processing
Joint controllers: when two or more entities jointly determine purposes and means, they must transparently allocate responsibilities through an arrangement.
Examples: An employer is the controller for its employees' data. A hospital is the controller for its patient records. A SaaS company is the controller for its own customer data but may act as a processor for the data its customers upload to the service.
Liability: Controllers can face significant fines for non-compliance (up to 4% of global turnover under GDPR) and may be liable for damages to affected individuals.