This fifth set of guidelines provides more information about the definition in the EU General Data Protection Regulation of data controllers and data processors.
The Danish Data Protection Agency and the Danish Ministry of Justice recently issued their fifth set of guidelines about the GDPR. The guidelines concern the difference between data controllers and data processors. The distinction is important because different requirements are imposed on data controllers and data processors.
In very broad outline, data controllers are responsible for ensuring compliance with the GDPR, whereas data processors, on the other hand, must comply with the instructions issued by the data controller and with the processor agreement that has been concluded.
The guidelines present a number of principles that may be applied in the determination of whether a company is a data controller or a data processor. They also provide a number of illustrative examples to serve as inspiration. Furthermore, the guidelines describe what issues to be aware of once the roles of data controller and data processor has been determined.
The guidelines are available here (in Danish).
The content of the above is not, and should not be a substitute for legal advice.