On July 7th, the European Data Protection Board (“EDPB”) adopted its finalized guidelines on the concepts of controller and processor in the General Data Protection Regulation (“GDPR”). While the EDPB’s predecessor – the Article 29 Working Party – had issued guidance on the concepts of ...
In the first part of the draft guidance, the EDPB clarifies the precise meaning of the concepts of controller, joint controller and processor. The different building blocks of their legal definitions are analyzed in detail. The EDPB emphasizes that the criteria for the correct interpretation of the...
(f) GDPR). These guidelines provide guidance as to the application of Article 46 (2) (f) of the GDPR on transfers of personal data to third countries or to international organisations on the basis of certification. The doc- ument is structured in four sections with an Annex. Part one ...
If you are a Data Controller under GDPR (i.e a business working with personal data of EU residents), we encourage you to take stock of your personal data flows and vendors too. We also continue looking out for practical guidance from a variety of Data Protection Authorities in the EU and...