Under the General Data Protection Regulation (GDPR), processors (i.e. organisations processing personal data on behalf of a third party) is subject to new obligations. Indeed, before the GDPR, processors were only contractually liable to the controller on behalf of which they processed personal
Controller’s obligations under the GDPR
Under the European General Data Protection Regulation (GDPR), controllers (company or public authority using personal data for their purposes) are subject to new and/or more specific obligations than under the previous legislation (i.e. directive 95/46/EC).
Data controllers’ obligations under the GDPR are set out below.