Data controller

Under Swiss data protection law, the controller decides why and in what essential manner personal data are processed. The role may be held by a company, public authority, association or individual acting in a professional context. Controllers carry the primary responsibility for lawful processing, transparency, data security, respecting data subject rights and managing processors. The term broadly corresponds to the GDPR concept, though Swiss law has its own terminology and compliance framework. Joint controllership may arise when several actors genuinely determine purposes and means together.