Controllers, processors and subprocessors in chains
Contacts
Partner
UK
I am based in London and co-head Bird & Bird's International Privacy and Data Protection Group. I enjoy providing practical advice and solutions to complex legal issues.
Ruth Boardman wrote an insightful article for the International Association of Privacy Professionals (IAPP) covering the European Data Protection Board's Opinion 22/2024 which addresses key obligations in controller-processor-sub processor relationships under GDPR. It clarifies requirements for processors to disclose sub-processor details to controllers, controllers' duties to verify GDPR compliance throughout the chain, and contractual language allowing processors to follow controller instructions or applicable laws.
To delve into the full article click here.
Latest insights
More Insights
China Cybersecurity and Data Protection: Monthly Update – January 2026 Issue
20 minutes Feb 06 2026
Facial recognition and the Privacy Act: a clearer (but stricter) line for businesses
3 minutes Feb 06 2026
Alright, Alright, Alright: Matthew McConaughey Secures Comprehensive Trade Mark Protection of His Persona to Combat AI Deepfakes
4 minutes Feb 05 2026