Cette page est disponible uniquement en anglais

Armed with useful flowcharts to help organisations determine their role, the European Data Protection Board (EDPB) has published new guidelines on the concepts of "controller", "processor" and "joint controller".

Just over a month ago, the Litigation Chamber of the Belgian Data Protection Authority had published a decision in which it appeared to adopt an extensive interpretation of the concept of "controller"; now, thanks to extensive developments by the EDPB, that interpretation no longer seems to be relevant.

In this newsletter, however, we wish to focus on other aspects of the EDPB's controller-processor guidelines, namely its considerations regarding contractual arrangements between controllers and processors and their compliance with the General Data Protection Regulation (GDPR).

A few standouts of the EDPB's interpretation:

  • "Strict minimum" data processing agreements are insufficient;
  • The EDPB sets out recommendations on signatures and amendments to data processing agreements;
  • A high level of detail is required by the EDPB regarding the description of the processing activities, the controller's instructions, security (security measures as such or at least security objectives);
  • A processor's employees etc. must not only keep the personal data processed confidential, but also "the details regarding the relationship" with the controller;
  • The differences between a "specific" authorisation for sub-processing and a "general" one are more limited than one might expect;
    and more…

Read more in our analysis of the impact of the EDPB's guidelines from the perspective of controller-processor agreements.

Related articles

Notification de cookies

Cette fonctionnalité utilise des cookies tiers. Modifiez votre cookie préférences pour visualiser ce contenu ou afficher plus d'informations.
Ces cookies assurent le bon fonctionnement du site. Ces cookies ne peuvent pas être désactivés.
Ces cookies peuvent être placés par des tiers, tels que YouTube ou Vimeo.
En désactivant certaines catégories, les fonctionnalités associées au sein du site risquent de ne plus fonctionner correctement. Vous pouvez modifier vos préférences ultérieurement. Voir plus d'informations.