The Data Controller determines the purpose for which, and the manner in which, personal data is processed.  It can do this either on its own or jointly or in common with other organisations.  This means that the Data Controller exercises overall control over the “why” and “how” of a data processing activity.