This checklist is intended to provide guidance to in-house counsel and private practitioners about how to assess whether an organisation is a controller or a processor under the European Union’s General Data Protection Regulation (EU GDPR) and to assist them when advising internal and external clients on this issue.
