On 2 September 2020, the European Data Protection Board (“EDPB”) published new Guidelines 07/2020 (“Guidelines”) for public consultation on the concepts of controller and processor under the European General Data Protection Regulation (“GDPR”). Once finalised, the Guidelines will replace the previous Working Party 29 Opinion 1/2010 (WP169), upon which they build.

Where more than one party is involved in the processing of personal data, the question of the respective roles of the parties with regard to the processing activities arises. The concepts of controller and processor and the interactions between them play a crucial role in the application of the GDPR, since they determine who shall be responsible for compliance with different data protection rules, and how data subjects can exercise their rights in practice.

Continue reading.