Armed with useful flowcharts to help organisations determine their role, the European Data Protection Board (EDPB) has published new guidelines on the concepts of "controller", "processor" and "joint controller".
In this contribution we will focus on other aspects of the EDPB's controller-processor guidelines, namely its considerations regarding contractual arrangements between controllers and processors and their compliance with the General Data Protection Regulation (GDPR). The guidelines will have a significant impact on the current contractual practice between controllers and processors, or between joint controllers.
Controller-processor agreements: what do we see today?
In 2018, many...
|