Beware Processors As Co-Controllers Under GDPR

By Cynthia Cole (July 17, 2018, 1:05 PM EDT) -- Under the EU's Data Protection Directive, processors have always had a duty to maintain appropriate security measures in the processing of personal data (as defined under the directive and as of May 25, 2018, under the General Data Protection Regulation). The agreements between controllers and processors were part of demonstrating compliance with that tenant. The GDPR makes written contracts between controllers and processors a general requirement, and not just a way to demonstrate compliance. In addition, the GDPR mandates specific contractual terms. These terms are designed to ensure that processing carried out by a processor meets all the requirements of the GDPR (not just those related to keeping personal data secure). In addition, the GDPR gives processors responsibilities and liabilities in their own right, and processors as well as controllers may now be liable to pay damages or be subject to fines or other penalties...

Law360 is on it, so you are, too.

A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions.


A Law360 subscription includes features such as

  • Daily newsletters
  • Expert analysis
  • Mobile app
  • Advanced search
  • Judge information
  • Real-time alerts
  • 450K+ searchable archived articles

And more!

Experience Law360 today with a free 7-day trial.

Start Free Trial

Already a subscriber? Click here to login

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!