The difference between a controller and a processor

The General Data Protection Regulation (GDPR) has already been in force for several months. However, there is still uncertainty about the meaning of certain terms in the GDPR. For example, it is not clear to everyone what the difference is between a controller and a processor, while these are core concepts of the GDPR. According to the GDPR, the controller is the (legal) entity or organization that determines the purpose and means of the processing of personal data. The controller therefore determines why personal data is being processed. In addition, the controller in principle determines with which means the data processing takes place. In practice, the party that actually controls the processing of data is the controller.

General Data Protection Regulation (GDPR)

According to the GDPR, the processor is a separate (legal) person or organization that processes personal data on behalf of and under the responsibility of the controller. For a processor, it is important to determine whether the processing of personal data is performed for the benefit of itself or for the benefit of a controller. It can sometimes be a puzzle to determine who is the controller and who is the processor. In the end, it is best to answer the next question: who has ultimate control over the purpose and means of data processing?

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Law & More B.V.