Controllers and processors
-
The Data (Use and Access) Act 2026 got Royal Assent on 19 June 2026. All the provisions affecting data protection law and the Privacy and Electronic Regulations Communications are now in force. The Department for Science and Innovation (DSIT) has set out the commencement plans. You can find more details on the Gov.uk website.
The guidance on this page is suitable for large businesses in the public, private and third sectors. Small businesses should use the resources on our small business web hub.
Brief guidance
Controllers and processors: a guide
The definitions of 'controllers' and 'processors', how to determine if you are a controller or processor and what the roles are.
Detailed guidance
Controllers and processors
More detailed guidance on controllers and processors, including how to apply the roles in practice, your responsibilities under each role and joint controllers.
Resources
Controllers self assessment
Assess your high level compliance with data protection legislation, as a data controller.
Processors self assessment
Assess your high level compliance with data protection legislation, as a data processor.