Controller or Processor

Which one are you? Subscribe to our newsletterGet IT Support
Data controller
Article 4 (7) of the Regulation says… “Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others determines the purposes and means of the processing of personal data.”

In practice this means the organisation responsible for making decisions about personal data. For example, a bank might collect the data of its clients when they open an account.

Responsibilities of data controllers

All data controllers must comply with certain important rules about how they collect and use personal information.

Some data controllers must register annually with the Data Protection Commissioner, in order to make transparent their data handling practices.


Data processor
Article 4 (8) of the Regulation says… “Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.”

Typical examples are service providers providing outsourced services to the controller such as marketing, accounting and HR services. In so doing, they deal with or store personal information data in accordance with the instructions of the controller.

So, to differentiate the processor from the controller, the bank in the above example would be the controller and the outsourced HR company would be the processor that stores and then uses the customer’s personal data in accordance with the controller’s instructions.

Responsibilities of data processors

Data processors must only process personal data on the instructions of the Data Controller. These responsibilities concern the necessity to keep personal data secure from unauthorised access, disclosure, destruction or accidental loss. In addition all data processors, whose business consists wholly or partly in processing personal data on behalf of data controllers who are required to register, are also required to register with the Data Protection Commissioner as a data processor.

We take GDPR seriously

I’m Ragnar, Director of Hero IT Support. I’m a certified GDPR practitioner and an expert in data compliance:

  • 10+ years experience as a company Director
  • Software developer
  • BSc, Computer Science and Artificial Intelligence
  • Directly responsible for data security/transfer/encrytion for our clients
  • Business technology advisor and public speaker
  • Qualified EU GDPR Foundation level and Practitioner

Expert knowledge of data processing, transfer, storage and collection is essential for the modern day IT Support company.

If you need help in making sense of exactly how GDPR will affect you, take a look at the resources below. I will continue to blog about GDPR as the waters become less murky and the ICO releases more information. You can follow me via the social media links below, or sign up to Ragnar’s GDPR Review email.

Contact us

13 + 8 =