The data subject
In the context of the GDPR, the data subject is a: "identified or identifiable natural person". A person is identifiable if he or she can be identified, directly or indirectly, in particular by means of identification factors, including a name, location data, elements characterising social identity, etc.
The controller
In the context of the GDPR, the controller is: a natural person, a public authority or a legal person who, together with others or alone, determines the purpose of the data processing.
The processor
In the context of the GDPR, the processor is a natural person, a public authority or a legal person that processes personal data of the data subject at the service of the data controller.
Importance of distinction between controller and processor
The person responsible for processing and the processor have various obligations on the basis of the GDPR. It is therefore important to make a distinction between the controller and the processor. However, this distinction is not easy to make in all cases. It may be the case that the data controller is also the processor of the data, but it could also be the case that the data controller outsources the actual processing of the personal data to a processor. Important in any case is the difference in obligations between a data processor and a processor, which are assigned to them in the GDPR.
Always clearly define the role of your organization in the context of the processing it is engaged in, in order to be able to determine which obligations are incumbent on your organisation. This provides a basis to ensure that compliance with the GDPR is properly implemented within your organisation.