Data controller or data processor?

May 13, 2019
English Language

Due to the Personal Data Regulation, it is important to clarify whether you are a data controller or a data processor.

Data Controller

If you store and / or process personal data for others, you are categorized as a data processor. This means that you are not allowed to use the data for anything other than completing the task where you are a data controller.

There is a number of obligations that your organization needs to be compliant with when handling other people’s data. For instance you must have a written contract setting the framework for data processing - a data processing agreement - and you may only process data according to clear and documented instructions from the data controller.

Data controller or data processor_GDPR solution_compliance

We point out that our blog posts are neither comprehensive nor an absolute exposition of the compliance processes. RISMA Systems makes no guarantee that the information is accurate, up-to-date or complete, and the blog post must by no means be seen as legal advice. You are responsible for verifying that the information is in accordance with applicable law, if you are considering using it. All information is used at your own risk. RISMA Systems cannot guarantee full compliance with applicable laws and regulations, if you choose to follow the information in this blog post.


Stay up to date with knowledge and best practices on compliance, risk management, and governance. Receive guides, articles, case stories, invitations to events, offers, and much more.