Data Controller

A data controller is an organization or individual that determines the purposes and means of processing personal data. Under GDPR, the controller bears primary responsibility for compliance - they decide why data is collected, how it is used, and who has access to it.

Contrast with a data processor: a service or vendor that processes personal data on behalf of a controller, under the controller's instructions. Cloud providers, email marketing platforms, and analytics services are typically processors. The controller must have a data processing agreement with each processor.

For developers building applications that handle personal data - user accounts, contact details, behavioral tracking - your organization is the data controller. You are responsible for ensuring compliance with GDPR, CCPA, and other applicable regulations, including maintaining records of processing activities and appointing a Data Protection Officer if required.