Compliance & Privacy

Processor vs Controller

Also: Controller and Processor

The GDPR distinction between the party that decides why and how personal data is processed (controller) and the party that processes it on the controller's instructions (processor).

Why it matters

Your obligations differ depending on which role you play, and you need to know which you are for each data flow. It also determines who needs a DPA with whom and who is accountable for what.

What good looks like

Clarity means knowing, for each data activity, whether you are the controller (you decide the purpose) or a processor (you act on someone else's instructions), and structuring contracts and responsibilities accordingly.

In the European market

European enterprise buyers will expect you to articulate your controller or processor role clearly during due diligence, so it pays to have it worked out.

Related terms

Data Processing Agreement (DPA)GDPRLawful Basis for ProcessingPrivacy by Design
Free audit

Reading about it is the easy part. We run it.

Tell us where you are trying to grow, and we will show you the few moves that matter most, then make them.

Free, no obligation. We will get back to you quickly.