Data Controller

Definition

The entity (person or organization) that determines the purposes and means of processing personal data. In simpler terms, the controller is the company that decides why and how personal data is collected and used. California uses the equivalent term "business."

Legal Definition

Under the VCDPA (Va. Code 59.1-575): "the natural or legal person that, alone or jointly with others, determines the purpose and means of processing personal data." Under the CCPA, the equivalent concept is a "business" (Cal. Civ. Code 1798.140(d)).

State Laws Using This Term

VA CO CT UT TX OR MT DE NJ IA NH TN MN NE

Practical Example

An e-commerce company decides to collect customer emails for marketing. The company is the data controller because it determines the purpose (marketing) and means (email collection form) of processing.

Related Terms

Data Processor Consumer Personal Data

Frequently Asked Questions

Can a company be both a data controller and a data processor?

Yes. A company can act as a controller for its own data processing activities and as a processor when it handles data on behalf of another organization. The role depends on the specific processing activity.

Back to Glossary