An entity that has the authority over the processing of personal information. This entity is the focus of most obligations under privacy and data protection laws. It controls the use of personal data by determining the purposes for its use and the manner in which the data will be processed. The data controller may be an individual or an organization that is legally treated as an individual, such as a corporation or partnership.
Reference(s) in IAPP Certification Textbooks: F8; E57-59, 288; G10-11
Associated term(s): Data Processor