
Netcrook


WIKICROOK

Controller

The organization that decides why and how personal data is processed.

In data protection law, a controller is the organization that decides why personal data is collected and how it is processed. It sets the purpose, chooses the main tools or vendors, and remains accountable for the overall legality of the processing, even when some tasks are outsourced.

This matters in cyber security because the controller defines the security requirements around the data: access control, retention, logging, and vendor oversight. In real systems, a company using a CRM, telemetry platform, or monitoring tool is often the controller, while a service provider acts as a processor. Attackers may target controllers because they hold decision power and often centralize sensitive records. Defenders use the controller role to assign responsibility, enforce least-privilege access, and make sure monitoring is proportionate, transparent, and limited to a specific purpose.
