This checklist is intended to provide guidance to in-house counsel and private practitioners about how to assess whether an organisation is a controller or a processor under the General Data Protection Regulation (GDPR) and to assist them when advising internal and external clients on this issue.
