A natural or legal ‘person’ or group of people that determines the purpose and means of processing any personal data. It is a key role under the General Data Protection Regulations (GDPR).
A natural or legal ‘person’ must be recognised legally (natural via being born; legal via being incorporated). Examples include:
Any person that determines the purpose and processing of personal data can be a controller but they tend to be organisations. Even though there will likely be an individual responsible for the personal data within the organisation, they will still be acting on behalf of the organisation, therefore, making that the Data Controller. An example of where an individual could be a Data Controller is a self-employed consultant.
Under GDPR, the Data Controller is responsible for making sure the personal data that falls under their remit complies with the regulations when being processed. Therefore it’s important to know if you are a Data Controller as it is your responsibility to make sure you avoid legal action and punishment from the supervisory authority.
Find out what Data Governance roles you need to make your Data Quality initiative a success - read the blog now.
©2025 Experian Information Solutions, Inc. All rights reserved.
Experian Ltd is authorised and regulated by the Financial Conduct Authority (firm reference number 738097). Experian Ltd is registered in England and Wales (no. 00653331). Registered office: The Sir John Peace Building, Experian Way, NG2 Business Park, Nottingham NG80 1ZZ.