Data Controller

From Open Risk Manual

Definition

Under Regulation (EU) 2018/1725, as well as under the GDPR, the Data Controller is the party that, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

The actual processing may be delegated to another party, called the Data Processor. The controller is responsible for

  • the lawfulness of the processing
  • the protection of the data, and
  • respecting the rights of the Data Subject.


The controller is also the entity that receives requests from data subjects to exercise their rights.

Notes

  • In ISO/IEC the term 'PII Controller' is used.
