The recent decision from the European Data Protection Board clarifying obligations of data processors under the EU General Data Protection Regulation “works through a number of tricky areas affecting controller-processor-subprocessor relationships,” Bird & Bird Partner and co-head of International Data Protection Practice Ruth Boardman writes. She said the decision now requires that data “processors must provide details of every subprocessor down the chain to the ultimate controller, along with associated information about processing.”
Full story