As today’s supply chains get more and more fractioned and complex and being more and more exposed to cyber attacks ( ENISA, Threat Landscape for Supply Chain Attacks, 29 July 2021) and to national security interventions by third countries, the challenge to make and keep such structures compatible with all GDPR requirements is becoming increasingly demanding. For a sound understanding of which GDPR requirements are applicable to which party involved in the processing chain, it is essential to assess at first the attribution of the various roles to each party ((joint) controller, processor, third party, recipient) with regard to each processing operation involved.
In July 2021 the EDPB adopted new guidelines (07/2020) on the concept of controller and processor. During this first BENELUX Square Table of ISACA, Vincent Wellens of the Luxembourg office of Benelux law firm NautaDutilh will lead us through these new guidelines. He will explain their impact on how relations with suppliers can best be structured from the perspective of compliance with the GDPR.