On September 2, 2020, the European Data Protection Board (“EDPB”) adopted guidelines on the concepts of “controller” and processor” under the GDPR. The Article 29 Working Party had already issued a guidance on this topic in 2010. Although the GDPR did not change the definitions of “controller” and “processor”, the EDPB’s guidelines aim to bring further clarity to these critical concepts and discuss the relationship between them.

The EDPB’s guidelines are divided in two parts.
Continue Reading EDPB Publishes Guidelines on the GDPR Concepts of “Controller”, “Joint Controller” and “Processor”