Data “Controller”/ “Owner”

Data “Controller”/ “Owner”

Data Controller (EU)

The natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. In other words, even if your company does not ‘own’ the personal data, but you are making the primary decisions on how it is collected, used, stored, transferred, etc., then you are the data ‘controller.’ You may receive or collect personal data either directly from individuals (customers, employees), indirectly from a “vendor” (third-party, data processor), or possibly not at all.

Data Owner (US)

The entity who maintains, stores or collects data that includes the PII of an individual which they own or license. The Data Owner receives or collects PII either directly from individuals (customers, employees) or indirectly from a “Vendor” (Third-party, Data Processor). In certain instances, an entity may also be considered a Data Owner if they are the primary decision maker for what PII is collected, what it will be used for, and/or how it will be handled, even if they don’t ‘own’ it.


    • Related Articles

    • Data Classification

      A scheme that provides the basis for managing access to, and protection of, data assets.
    • Data Masking

      The process of de-identifying; anonymizing, or otherwise obscuring data so that the structure remains the same, but the content is no longer sensitive, in order to generate a data set that does not allow to the viewer to see the ‘masked’ confidential ...
    • Data Elements

      The different types of personal information processed by data processors. Typical data elements include name, date of birth and numerical identifiers. Organizational data elements tied to both individuals as well as organizations include business ...
    • Data Breach

      The unauthorized viewing, unauthorized acquisition, accidental publication, or loss of personally information data that compromises its security, confidentiality, or integrity, and which may lead to the accidental or unlawful use, destruction, loss, ...
    • Data Inventory

      Identifies personal information as it moves across various systems and thus how data is shared and organized, and its location. The data can be categorized by subject area, which identifies inconsistent data versions, enabling identification and ...