Where more than one party are involved in the same personal data processing operations, the first question to answer is: are they acting as a controller or a processor? Indeed, all their GDPR obligations and responsibilities in respect of the
Controller or Processor?
