Data controller
Also known as: controller
A data controller is any natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data. Controllers bear the primary legal obligations under the DPA 2020, including maintaining a privacy notice, responding to subject access requests, and notifying breaches.
DPA reference
Data Protection Act 2020, s.2
Related terms in Key concepts
Anonymisation
Altering personal data so that individuals can no longer be identified, directly or indirectly.
Automated decision-making
Making decisions solely by automated means, without human involvement, that significantly affect individuals.
Beneficial ownership
The natural person who ultimately owns or controls a legal entity.
Biometric data
Unique physical or behavioural characteristics used to identify an individual, such as fingerprints.