
ARE YOU A DATA PROCESSOR? OR A DATA CONTOLLER? OR BOTH? WHAT DOES IT MEAN FOR YOU IF YOU ARE?
The Data Protection Act, 2019 (“the Act”) provides for various safeguards in relation to the
protection of personal data of data subjects. To achieve this, it places certain obligations on data
controllers and data processors. The Act defines a data controller as a natural or legal person,
public authority, agency or other body which, alone or jointly with others, determines the
purpose and means of processing of personal data. On the other hand, a data processor is defined
as a natural or legal person, public authority, agency or other body which processes personal data
on behalf of the data controller. Simply stated, a data processor acts on and within the scope of
instructions from the data controller.