Controllers, processors and subprocessors in chains

Published

Oct 21 2024

Reading Time

1 minute

Written By

Partner
UK

I am based in London and co-head Bird & Bird's International Privacy and Data Protection Group. I enjoy providing practical advice and solutions to complex legal issues.

Practices

Ruth Boardman wrote an insightful article for the International Association of Privacy Professionals (IAPP) covering the European Data Protection Board's Opinion 22/2024 which addresses key obligations in controller-processor-sub processor relationships under GDPR. It clarifies requirements for processors to disclose sub-processor details to controllers, controllers' duties to verify GDPR compliance throughout the chain, and contractual language allowing processors to follow controller instructions or applicable laws.

To delve into the full article click here.

Latest insights

More Insights

China Cybersecurity and Data Protection: Monthly Update - January 2025 Issue

Jan 17 2025

Multiple Magnifying Glasses on teal background

Mass claims across borders: a deep dive into the Netherlands, England & Wales, and Germany

Jan 15 2025

Keyboard and tablet on yellow background

European Accessibility Act: is it time to update your websites, products & services to meet Europe’s accessibility requirements?

Jan 13 2025