Back to all glossary articles

Data controller

A data controller is a person or organization that determines the use of personal information. The role of the data controller can be shared by many people or organizations.

Rights and responsibilities of data controllers include:

  • establishing a lawful data process and observing the rights of Data subject s (including collecting data subject Consent s and requests)
  • issuing instructions on data processing (including appointing employees to serve as point of contact) for the Data processor – the data processor should handle data exclusively in the manner prescribed by the controller.

Read more about data controller on the Piwik PRO blog and in the resources section:

  • Privacy by design in practice: How “just enough” data beats “just in case” collection

    While collecting more data “just in case” feels safer, according to Matt Gershoff, it’s also one of the biggest sources of unnecessary compliance risk, analytical noise, and wasted organizational resources in the analytics industry today. His approach of “just enough” data collection is more intentional, more aligned with privacy regulation, and often more analytically effective.

  • 4 ways to make your analytics HIPAA-compliant: Implementation guide

    Healthcare organizations have four main approaches to achieving HIPAA-compliant analytics. Each has different trade-offs in cost, technical complexity, and analytics capabilities. This guide compares all four implementation methods – from using Google Analytics with workarounds to deploying fully HIPAA-compliant analytics platforms – so you can choose the right approach for your organization’s needs and resources.

Other definitions

Recent posts from Piwik PRO blog