According to GDPR, who is responsible for ensuring compliance?

The data controller is responsible for ensuring compliance with the General Data Protection Regulation (GDPR). This is because the data controller determines the purposes and means of processing personal data and ultimately bears the responsibility for implementing appropriate measures to comply with GDPR requirements. This includes ensuring that personal data is processed lawfully, fairly, and transparently, as well as safeguarding the rights of data subjects.

While the data processor also has obligations under GDPR, such as processing data only on the instructions of the data controller and implementing security measures, it is the data controller who carries the primary responsibility for managing compliance and protecting the data subject's rights. The data subject, on the other hand, is the individual whose personal data is being processed and does not hold an active compliance role. The information commissioner typically oversees compliance and enforcement of the regulation but does not directly ensure compliance within organizations.