The term "data controller" (controller) along with the term "data processor" (processor) is crucial for the attribution of the legal obligations resulting from the GDPR and is essential for the protection of the rights and freedoms of the data subjects.
A "data controller" is a natural or legal person, public authority, agency or other body that alone or jointly with others decides on the purposes and means of processing personal data.
The controller is the main decision-maker with regard to the processing of personal data.
From the point of view of a so-called data subject, the duty of the controller is primarily to ensure that, for example, the rights to request or deletion are observed and implemented.
Ultimately, most of the regulations of the GDPR are directed at the controller, who must then implement them as (part of) the management.