COCIR feedback to the EDPB guidelines on the concepts of controller and processor

19 October 2020

COCIR welcomes the updated guidance provided by the European Data Protection Board on the concepts of controller and processor in the GDPR.
These concepts of controller and processor are central to the correct application of the GDPR, and essential in determining the roles and responsibilities applicable for different entities within the processing of personal data.
Given the variety and complexity of data processing activities such determination can be challenging, with the consequences thereof having strong legal, financial or other implications. Between business partners there can be different legal interpretations, or even other elements at play (commercial interests, risk appetite, market dominance,...), that will further affect the outcome of the discussions on determining the relevant roles and responsibilities.
Therefore it is paramount that the guidance creates as much clarity as possible for all processors and controllers in order to find strong consensus and, even more importantly, to ensure full compliance with the requirements of the GDPR that provide a high level of data protection for citizens in Europe.