Data Controller
An entity that determines the purposes and means of processing personal data.
Full Definition
Under GDPR and similar frameworks, a Data Controller is a natural or legal person who determines why (the purpose) and how (the means) personal data is processed. Controllers bear primary accountability for compliance — they must establish a lawful basis, respond to data subject rights, conduct DPIAs, maintain processing records, and ensure any processors they appoint offer sufficient guarantees. In India's DPDP Act, the equivalent concept is the 'Data Fiduciary'. Controllers can be distinguished from processors, who only process data on behalf of and under instructions from a controller.
Related terms
Data Processor
An entity that processes personal data on behalf of and under the instructions of a Data Controller.
Data Fiduciary
The Indian equivalent of a Data Controller under the DPDP Act — an entity that determines the purposes and means of processing personal data.
Lawful Basis
A legal justification under GDPR for processing personal data — one of six bases must apply before processing can begin.