Data Controller

The entity that determines the purposes and means of processing personal data.

A data controller is the organization or individual that decides why and how personal data is processed. Under the GDPR (Article 4(7)), the controller determines the purposes (the why) and the means (the how) of processing. For a website, the company that owns and operates the site is typically the data controller, responsible for decisions about what data to collect, how long to retain it, who to share it with, and what security measures to implement.

Being a data controller carries the heaviest compliance obligations. Controllers must ensure lawful bases for all processing, implement appropriate security measures, respond to data subject rights requests, report data breaches to authorities within 72 hours, maintain records of processing activities, and conduct Data Protection Impact Assessments when required. If a controller engages third parties to process data on its behalf, it must ensure those processors are GDPR-compliant through formal data processing agreements. Joint controller arrangements exist when two or more entities jointly determine the purposes and means of processing.

Applies To

GDPR, LGPD, PIPEDA

How Pryvii Helps

Pryvii's compliance scanner helps data controllers verify that their website properly discloses their controller status, data processing activities, and contact information as required by privacy regulations.
