On 7 July 2021, the European Data Protection Board (EDPB) published the final draft of its guidelines concerning the “concepts of controller and processor” in the EU General Data Protection Regulation.
The document provides a more in-depth guidance on the different roles, responsibilities and the relationships between processors, controllers and joint controllers.
We are starting to see more acknowledgements of joint controllership and this gives some useful analysis.
The guidance integrates “updated wording” and “further clarifications” as well as some good examples to support those engaged in data processing across the EU and UK. This follows the EDPB inviting comments on the draft guidance during a public consultation in September 2020.
Click here for more.