A data controller is the entity (or entities) responsible for determining how and why personal data is processed. If there’s more than one controller, then they’re considered “joint controllers” and jointly have obligations to the data subject (and may be jointly liable).
A data processor on the other hand, is the entity (or entities) responsible for processing personal data on behalf of the controller. This means that the scope of processing permitted by the processor is limited to the instructions and limitations set by the controller. Importantly, this includes restrictions on engaging with other processors without the controller’s consent.
“I highly recommend Progressive Legal to anyone who wants a solid foundation for business success.”
Law delivered differently,
more resolution, less confusion