Contact
In the case of public administrations, who is considered to be the controller?
The controller is whoever is responsible for deciding on the purposes and means of processing, regardless of whether or not this is the party who carries out the material processing of the information. The controller may be either a natural person or a legal person or body.
In the case of public administrations, the controller is usually the administrative body responsible for the matter in relation to which or for the performance of which the processing of personal data is required, as long as it has the power to make decisions about the purpose and means of the processing.
Data subjects should be able to easily identify who makes the decisions about the purposes and means of processing their data. For this reason, although it is possible to designate a legal person as controller, for the processing of data carried out by public administrations it is more appropriate that it be an administrative body of the corresponding administration (ministry, directorate-general, mayor's office, council department, management office, etc.).
For more information on this subject, please refer to ruling CNS 24/2018.