A natural or legal ‘person’ or group of people that determines the purpose and means of processing any personal data. It is a key role under the forthcoming General Data Protection Regulations (GDPR).
A natural or legal ‘person’ must be recognised legally (natural via being born; legal via being incorporated). Examples include:
Any person that determines the purpose and processing of personal data can be a controller but they tend to be organisations. Even though there will likely be an individual responsible for the personal data within the organisation, they will still be acting on behalf of the organisation, therefore, making that the Data Controller. An example of where an individual could be a Data Controller is a self-employed consultant.
Under GDPR, the Data Controller is responsible for making sure the personal data that falls under their remit complies with the regulations when being processed. Therefore it’s important to know if you are a Data Controller as it is your responsibility to make sure you avoid legal action and punishment from the supervisory authority.