Data Controller
The entity that determines the purposes and means of processing personal data, bearing primary responsibility under GDPR.
What Data Controller means
Under GDPR, the data controller is the entity that decides why and how personal data is processed. In advertising, the advertiser is typically the data controller for customer data used in campaigns, while the ad platform may be a joint controller or independent controller depending on the data processing activity. Data controllers bear primary responsibility for compliance, including maintaining lawful basis for processing, fulfilling data subject rights requests, conducting data protection impact assessments, and reporting data breaches. Understanding the controller-processor distinction is essential for structuring compliant advertising operations, data sharing agreements, and vendor relationships.
Related terms
Data Processor
An entity that processes personal data on behalf of a data controller, bound by a data processing agreement.
GDPR
The General Data Protection Regulation — the EU's comprehensive data protection law governing how personal data is collected, processed, and stored.
Data Subject Access Request
A formal request from an individual to access, correct, or delete their personal data held by an organization.
Data Protection Officer
A designated role responsible for overseeing an organization's data protection strategy and GDPR compliance.