Controller or Processor? EDPB Guidelines Unpacked
Understanding whether you are a data controller, data processor, joint controller, or hold a dual role has been an ongoing challenge for organizations over the years. Determining the difference between these roles and the responsibilities assigned to each has played a critical role in how to apply the GDPR and the Data Protection Directive before it.
In updating its prior guidance on the matter, the European Data Protection Board (‘EDPB’) issued its new finalized Guidelines 07/2020 on the Concepts of Controller and Processor in July 2021 to bring clarity to the issue and assist organizations in their determination.
OneTrust DataGuidance and Fieldfisher hosted an expert panel to provide insight into the EDPB’s guidelines, what they mean for organizations in a practical context and how to navigate some of the key questions that arise for businesses in their application.
Key Takeaways Include:
- In-depth review of the EDPB’s new guidelines
- How to determine your role in the modern business environment
- Key questions regarding contracts between parties and where responsibility lies