A natural or legal person, public authority, agency, or other body operating alone or jointly with others to determine the reasons to collect and process personal data.

The term controller may have specific definitions in certain jurisdictions. Under the General Data Protection Regulation (GDPR), for example, a controller is the person that determines the purposes and manner for which personal data is processed (Article 4(7), GDPR). For more information, see Practice note, Overview of EU General Data Protection Regulation: GDPR: definitions: Data controller and data processor.

A controller was previously known as a data controller under the UK Data Protection Act 1998 (DPA 1998). For more information on data controllers under the DPA 1998, see Practice note, Overview of UK data protection regime (DPA 1998 version): Data controller and data processor.