Cookies on this website

We use cookies to ensure that we give you the best experience on our website. If you click 'Accept all cookies' we'll assume that you are happy to receive all cookies and you won't see this message again. If you click 'Reject all non-essential cookies' only necessary cookies providing core functionality such as security, network management, and accessibility will be enabled. Click 'Find out more' for information on how to change your cookie settings.

The rules about personal data apply to controllers and processors. 

The controller determines the purposes and means of processing personal data.

Examples of controllers you may have dealings with include the following.

  • The central University, together with its divisions and departments, constitutes one controller
  • Each college is a separate controller 
  • Oxford University Innovation Ltd is a controller

The processor is responsible for processing personal data on behalf of a controller. Microsoft is one example of a processor.

Think: for the tasks or activities you carry out using personal data, do you know who the controller is? If it is the central University, we have various responsibilities, which you will find out about in the next few pages. 

We might also use a processor to process data on our behalf – such as a cloud computing service – and we need to make sure we do so safely.