The data controller is the person (or business) who determines the purposes for which, and the way in which, personal data is processed. By contrast, a data processor is anyone who processes personal data on behalf of the data controller (excluding the data controller’s own employees). This could include anything as seemingly trivial as, for example, storage of the data on a third party’s servers, or appointing a data analytics provider.