Guidelines on data controllers and data processors

This fifth set of guidelines provides more information about the definition in the EU General Data ‎Protection Regulation of data controllers and data processors.

The Danish Data Protection Agency and the Danish Ministry of Justice recently issued their fifth set of ‎guidelines about the GDPR. The guidelines concern the difference between data controllers and data ‎processors. The distinction is important because different requirements are imposed on data controllers ‎and data processors.‎

In very broad outline, data controllers are responsible for ensuring compliance with the GDPR, whereas ‎data processors, on the other hand, must comply with the instructions issued by the data controller and ‎with the processor agreement that has been concluded.‎

The guidelines present a number of principles that may be applied in the determination of whether a ‎company is a data controller or a data processor. They also provide a number of illustrative examples to ‎serve as inspiration. Furthermore, the guidelines describe what issues to be aware of once the roles of ‎data controller and data processor has been determined.‎

The guidelines are available here (in Danish).

The content of the above is not, and should not be a substitute for legal advice.

More about the subject