32Meaning of “controller” and “processor”U.K.
This section has no associated Explanatory Notes
(1)In this Part, “controller” means the competent authority which, alone or jointly with others—
(a)determines the purposes and means of the processing of personal data, or
(b)is the controller by virtue of subsection (2).
(2)Where personal data is processed only—
(a)for purposes for which it is required by an enactment to be processed, and
(b)by means by which it is required by an enactment to be processed,
the competent authority on which the obligation to process the data is imposed by the enactment (or, if different, one of the enactments) is the controller.
(3)In this Part, “processor” means any person who processes personal data on behalf of the controller (other than a person who is an employee of the controller).