Controller #3
Description
Controller
The "data controller" is defined as a natural or legal person, authority, institution, or other entity. Data controllers possess decision-making authority, either individually or collaboratively, regarding the purposes and means of processing personal data. They are the norm addressee of the General Data Protection Regulation (GDPR) and are subject to obligations (Articles 24 et seq.). According to these provisions, multiple data controllers can be jointly responsible for processing activities. In such instances, internal responsibilities may be allocated while the data controllers remain collectively accountable externally. Furthermore, it is important to note that a data processor, while also subject to the rights and obligations outlined in the GDPR, does not qualify as a data controller in the context previously mentioned. A data controller is responsible for compliance with data processing principles and is particularly accountable for adherence to such principles. In cases of joint responsibility, it must be mutually determined who fulfills which obligations under the GDPR (rights of the data subject; informational duties). The required purposes and means may, if necessary, be specified by Union law or the laws of the Member States.
Related Comments
Based On
Art. 4 Nr. 7
Comm. Art. 4 Rn. 87-93
References
Obligation to Inform
Legal Person
Principles Relating to Processing
Art. 13
Art. 14
Art. 24ff.