Privacy Guidelines on Data Processor and Data Controller
Guidelines 07/2020 on the concepts of controller and processor in the GDPR
SECTION 2.1 DEFINITION OF CONTROLLER
15. A controller is defined by Article 4 (7) GDPR as
“the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Unionor Member State law”.
16. The definition of controller contains five main building blocks, which will be analysed separately for the purposes of theseGuidelines. They are the following:
“the natural or legal person, public authority, agency or other body”
“alone or jointly with others”
“the purposes and means”
“of the processing of personal data”.