Q: Data controllers and processors – what’s the difference?

A: The distinction between the data controller and the data processor is one of the most important parts of the GDPR. 

To summarise, if you choose the methods for processing, or the reason for processing, that makes you a data controller. 

If you process data on behalf of another organisation who choose the method or reason for processing, then you are a data processor.

A data controller has a number of additional duties and obligations under the GDPR.


Article 4(7), GDPR
Article 4(8), GDPR

Additional Information:

Among the number of additional duties taken on by the data controller, there is the obligation to assure security and compliance across an entire data chain.

This means that data controllers are ultimately responsible for the activities of their data processors and service providers.

Understandably, many data controllers feel somewhat exposed by this framework. This is one of the reasons why eBoss is working hard to make compliance as easy as possible for our customers.

Did this answer your question?