The GDPR defines a data controller as the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data