European Data Protection Board logo
Close menu

Controller/processor

Controllers and processors are the actors responsible for compliance with the different rules in the GDPR. The controller, alone or jointly with other controllers, decides the purpose and means of data processing operations. The processor processes personal data on behalf of the controller.

Guidance

Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority

Guideline
#Controller/processor #Cooperation between authorities
Read more about
Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority

Guidelines 07/2020 on the concepts of controller and processor in the GDPR

Guideline
#Controller/processor #Accountability
Read more about
Guidelines 07/2020 on the concepts of controller and processor in the GDPR
Show more

Policy work

EDPB-EDPS Joint Opinion 3/2026 on the Proposal for a European Biotech Act

Legislative opinion
#Cross-regulatory interplay #Artificial intelligence #Health and research #Legal basis #Controller/processor
Read more about
EDPB-EDPS Joint Opinion 3/2026 on the Proposal for a European Biotech Act

EDPB-EDPS Joint opinion 2/2026 on the Proposal for a Regulation as regards the simplification of the digital legislative framework (Digital Omnibus)

Legislative opinion
#Artificial intelligence #Automated decision making, profiling and Online tracking #Controller/processor #Cross-regulatory interplay #Legal basis
Read more about
EDPB-EDPS Joint opinion 2/2026 on the Proposal for a Regulation as regards the simplification of the digital legislative framework (Digital Omnibus)
Show more

Compliance instruments

Opinion 22/2024 on certain obligations following from the reliance on processor(s) and sub-processor(s)

Opinion of the Board (Art. 64)
#Controller/processor #Accountability #Tools for transfers and derogations
Read more about
Opinion 22/2024 on certain obligations following from the reliance on processor(s) and sub-processor(s)

Opinion 04/2024 on the notion of main establishment of a controller in the Union under Art. 4.16(a) GDPR

Opinion of the Board (Art. 64)
#Controller/processor #GDPR enforcement #Cooperation between authorities
Read more about
Opinion 04/2024 on the notion of main establishment of a controller in the Union under Art. 4.16(a) GDPR
Show more

Related news

  • National News
  • it

The Italian Supervisory Authority fined a company 120 000 EUR for tracking five employees who drove company cars

  • National News
  • it

Italian SA fines a company for post-sick leave questionnaires

  • EDPB News

EDPB brings clarity to data processing for scientific research, speeds up the finalisation of the anonymisation guidelines and approves first European data protection seal as a tool for transfers

All news