Which entities are responsible for processing personal data on behalf of a data controller?

The correct choice refers to entities known as data processors. These entities are specifically tasked with processing personal data for a data controller, which is the organization or individual that determines the purposes and means of processing personal data. Data processors act under the direction of the data controller and handle data in accordance with the legal and contractual obligations set forth by the controller.

Data processors do not have decision-making authority over the data; instead, they carry out the instructions provided by the data controller and are bound to follow regulatory compliance regarding privacy and data protection. This relationship is crucial in data governance, especially in light of regulations such as the General Data Protection Regulation (GDPR), which places strict requirements on how personal data is handled to protect individual privacy.

The other options relate to different roles: data subjects are the individuals whose personal data is being processed, information managers might refer to those who oversee data handling practices but are not formally recognized as data processors, and data controllers themselves are the parties that determine how and why personal data is processed. Thus, the clear distinction lies in the role of data processors in executing the processing of data as directed by the data controller.