January 18, 2021

Volume XI, Number 18


January 15, 2021

Subscribe to Latest Legal News and Analysis

UPDATE: What Should US Companies Know About the New Draft GDPR Guidelines? (Part 1)

If you are a reader of CPW, you have probably heard of the the General Data Protection Regulation (“GDPR”).  The GDPR applies to companies outside the European Union (including, that is right, United States companies) because it is extra-territorial in scope.  Which means, to overly generalize, if you collect any personal data of people in the EU and meet certain criteria, you are required to comply with the GDPR.  Even if you are based in the United States.

This fall, the European Data Protection Board (“EDPB”) the EDPB published the draft “Guidelines 07/2020 on the concepts of controller and processor in the GDPR.”  CPW will be re-reposting a fantastic, four part series addressing the key concepts and issues covered.  As Part 1 explains, “One of the baseline issues that must be considered when assessing the obligations and potential liabilities of an organization that is subject to the GDPR when it collects and processes personal data is whether the organization should be classified as a data controller or a data processor, as defined in the GDPR.  This is not a new issue, since these terms were originally introduced in the 1995 EU General Data Protection Directive and the definitions were not changed significantly by the GDPR.  Determining whether an organization is acting as a controller or processor is often not straightforward as the dividing line between these concepts is not always clear.”

Part 1 of the must read series, available here, provides an overview of the updated guidance on the concept of data processor.  Subsequent posts will deal with the concepts of data controller and joint controllers.

© Copyright 2020 Squire Patton Boggs (US) LLPNational Law Review, Volume X, Number 338



About this Author

Kristin L. Bryan Litigation Attorney Squire Patton Boggs Cleveland, OH & New York, NY
Senior Associate

Kristin Bryan is a litigator experienced in the efficient resolution of contract, commercial and complex business disputes, including multidistrict litigation and putative class actions, in courts nationwide.

She has successfully represented Fortune 15 clients in high-stakes cases involving a wide range of subject matters.

As a natural extension of her experience litigating data privacy disputes, Kristin is also experienced in providing business-oriented privacy advice to a wide range of clients, with a particular focus on companies handling customers’ personal data. In this...