ProvePrivacy Logo | Blue Green

Back to home


Data Controller

Stakeholders | ProvePrivacy | Article Image 29

A data controller is any person, authority organisation or other body which either on its own or jointly with another party determines the purposes and means of processing personal data.  In simple terms, the controller is responsible for ensuring the control of the personal data.

Relationships with Data Processors

When a controller passes on responsibility for processing to a data processor it will retain control through the contract that it puts in place to manage this relationship. 

Relationships with Joint Controllers

If the controller shares this responsibility jointly with another controller then it is advisable that a contract is in place (but not mandatory), but there should be a data sharing agreement in place to ensure that the data subject’s have complete transparency surrounding the relationship and the processing of their data.

An example of a Joint Controller might include the relationship between a franchisor and its franchisee, where processing of data is shared across platforms and responsibilities.

Relationships with Controllers in Common

There are circumstances where multiple controllers process data and a contractual agreement does not exist, for example an employer sharing personal tax details with a tax authority.  In these cases the statutory obligation overrides and it is unlikely that any further due diligence would be undertaken.

You might also like

Scroll to Top

Contact us

If you would like to ask more questions or to arrange training, complete the form below and we will respond shortly.

See our Privacy Statement for more details.

Get expert tips and business insights