The European Data Protection Board (EDPB) has published new guidance for EU institutions and bodies on the concepts of controllers and processors to help compliance with GDPR.

The guidelines provide explanation and practical advice on controllers and processors, as well as case studies on controller-processor, separate controllership and joint controllership.

The EDPB has also adopted the final version of guidelines 3/2018 on the territorial scope of GDPR. These guidelines aid EEA data protection authorities with their assessment of whether a processing operation by a controller or a processor falls within the territorial scope of the new data protection regime.