Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherJoin the NetworkGet StartedSubscribeSupport
Contact Us
Search
Close

European Data Protection Board Publishes Guidelines on the Concepts of Controller, Joint Controller and Processor

By Mark A. Prinsley, Oliver Yaros, Björn Vollmuth, Ana Hadnes Bruder & Ondrej Hajda on September 30, 2020
Email this postTweet this postLike this postShare this post on LinkedIn

On 2 September 2020, the European Data Protection Board (“EDPB”) published new Guidelines 07/2020 (“Guidelines”) for public consultation on the concepts of controller and processor under the European General Data Protection Regulation (“GDPR”). Once finalised, the Guidelines will replace the previous Working Party 29 Opinion 1/2010 (WP169), upon which they build.

Where more than one party is involved in the processing of personal data, the question of the respective roles of the parties with regard to the processing activities arises. The concepts of controller and processor and the interactions between them play a crucial role in the application of the GDPR, since they determine who shall be responsible for compliance with different data protection rules, and how data subjects can exercise their rights in practice.

Continue reading.

Photo of Mark A. Prinsley Mark A. Prinsley

Mark Prinsley is a partner and heads the technology practice in the London office, and is a member of the firm’s Cybersecurity & Data Privacy practice. He concentrates on technology transactions, in particular IT projects and outsourcing.

A substantial element of Mark’s practice…

Mark Prinsley is a partner and heads the technology practice in the London office, and is a member of the firm’s Cybersecurity & Data Privacy practice. He concentrates on technology transactions, in particular IT projects and outsourcing.

A substantial element of Mark’s practice involves data protection issues and he has worked extensively for clients in the pensions and financial services sector designing and implementing GDPR compliant systems for the collection and processing of personal data by businesses and related sub-contractors, commercial transactions involving data sharing and reaction to data breach scenarios including managing data breach notifications. Recent projects Mark has worked on involving personal data include working for an automobile manufacturer implementing a connected vehicle programme globally, a supplier of facial recognition technology on methods of marketing that technology in Europe in compliance with data protection laws and for an insurtech business licensing technology and services to enable life insurers to underwrite life cover for diabetics using AI.

Read Mark’s full bio.

Read more about Mark A. PrinsleyEmail
Show more Show less
Photo of Oliver Yaros Oliver Yaros

Oliver Yaros is a partner in the Intellectual Property & IT Group as well as the Technology & IP Transactions and Cybersecurity & Data Privacy practices of the London office of Mayer Brown. He advises clients on technology and outsourcing transactions with a…

Oliver Yaros is a partner in the Intellectual Property & IT Group as well as the Technology & IP Transactions and Cybersecurity & Data Privacy practices of the London office of Mayer Brown. He advises clients on technology and outsourcing transactions with a particular focus on fintech and digital transformation projects, as well as clients operating within a broad range of sectors on data protection matters and cybersecurity incidents, intellectual property transactions and related issues.

Read Oliver’s full bio.

Read more about Oliver YarosEmail
Show more Show less
Photo of Ana Hadnes Bruder Ana Hadnes Bruder

Ana Hadnes Bruder is a partner in Mayer Brown’s Frankfurt office and an active member of the global Cybersecurity & Data Privacy practice. She is also a member of the firm’s Intellectual Property practice. Ana advises clients on data privacy and cybersecurity matters…

Ana Hadnes Bruder is a partner in Mayer Brown’s Frankfurt office and an active member of the global Cybersecurity & Data Privacy practice. She is also a member of the firm’s Intellectual Property practice. Ana advises clients on data privacy and cybersecurity matters, including preparing for and reacting to cyber-attacks, assessing and making required data breach notifications, analyzing data protection implications of new products and tools and providing strategic advice with a focus on cross-border data processing. Ana further advises on Technology Transactions including cloud services, data and software licensing agreements, SaaS agreements, software development projects, e-commerce, and related Cybersecurity & Data Privacy questions.

Ana is a registered lawyer in Germany and Brazil and has ten years of international experience as legal counsel in Brazil, France and Germany. Ana started her career at Mayer Brown in the Dispute Resolution practice where she represented clients in litigation and arbitration proceedings involving complex commercial, intellectual property and liability matters.

Before joining Mayer Brown, Ana gained experience representing foreign clients in judicial proceedings in Brazil and also worked as in-house counsel for a leading French company in Paris.

Read full bio

Read more about Ana Hadnes BruderEmail
Show more Show less
  • Posted in:
    Privacy and Cybersecurity
  • Blog:
    Inside Cybersecurity & Privacy Law
  • Organization:
    Mayer Brown

Call us at 1-800-913-0988 or email sales@lexblog.com.

Facebook LinkedIn Twitter RSS
  • About LexBlog
  • The Field We Built
  • Our Beliefs
  • Our Team
  • Contact LexBlog
  • Disclaimer
  • Editorial Policy
  • Terms of Service
  • Get Started
  • Publishing Solutions
  • Compass
  • Submit a Request
  • Support Center
  • System Status
Copyright © 2026, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo