According to the GDPR, a Data Controller is an organization, agency, public authority, or individual that determines the purposes and means of processing personal data. The data controller is responsible for ensuring compliance with data protection regulations and for implementing appropriate safeguards to protect the rights and privacy of individuals whose data is being processed. In some cases, the data controller may employ a third-party data processor to carry out specific processing activities on their behalf.