UK GDPR: Controllers and Processors Definitions and Responsibilities

Detected February 6th, 2026

Summary

The UK's Information Commissioner's Office (ICO) has updated its guidance on definitions and responsibilities for data controllers and processors under UK GDPR. This update is in anticipation of the Data (Use and Access) Act 2025 and is suitable for large businesses, with resources also available for small businesses.

View original document View source feed page

What changed

The Information Commissioner's Office (ICO) has issued updated guidance concerning the definitions and responsibilities of data controllers and processors under the UK GDPR. This guidance is currently under review due to the upcoming Data (Use and Access) Act 2025, which comes into effect on June 19, 2025. The ICO indicates that the guidance may be subject to change and directs users to their plans for new and updated guidance for further information.

This guidance is primarily aimed at large businesses across the public, private, and third sectors, with specific resources provided for small businesses. It covers the definitions of controllers and processors, how to determine one's role, and the respective responsibilities. Additionally, self-assessment tools for controllers and processors are available, along with information on contracts and liabilities between them. Compliance officers should note that while this is guidance, adherence is expected to meet UK GDPR obligations.

Source document (simplified)

Controllers and processors

Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you about which guidance will be updated and when this will happen. The guidance on this page is suitable for large businesses in the public, private and third sectors. Small businesses should use the resources on our small business web hub.

Brief guidance

Controllers and processors: a guide

The definitions of 'controllers' and 'processors', how to determine if you are a controller or processor and what the roles are.

Detailed guidance

Controllers and processors

More detailed guidance on controllers and processors, including how to apply the roles in practice, your responsibilities under each role and joint controllers.