The EU General Data Protection Regulation fundamentally changes the balance of obligations and liabilities between controllers and processors. The requirements and rights offered under Articles 28 and 82 mean contracts between controllers and processors are of "huge practical importance," W. Kuan Hon writes for Privacy Perspectives. However, according to Hon, draft guidance from the U.K. Information Commissioner's Office "seems redolent of a twentieth-century controller world, giving not even one online example." Hon offers up a list of examples of remaining questions, issues left unaddressed and needing clarity on topics ranging from who can be fined, to the obligations of subprocessors, to what is going to happen to joint controllers. The guidance is open for consultation through today.
Full Story
Comments
If you want to comment on this post, you need to login.