The Confederation of Data Protection Organisations welcomes the revision of WP 169 on the concepts of “controller” and “processor”. The paper offers practical guidance on the differentiation between the concepts by including many examples from common business processes delegated to third parties.

Furthermore, the remarks on the contractual clauses between controllers and processors clearly distinguish between mandatory and optional clauses giving the parties the opportunity to reflect their individual requirements.

 Nonetheless, CEDPO wants to share its point of view regarding certain practical implications possibly resulting from applying the Guidelines and share experiences from its member associations with the EDPB. 

The CEDPO comments can be downloaded here.