GDPR: the ‘controller v processor’ debate in financial services

Lessons can be learned in the financial services sector from the rush to update contracts to account for the General Data Protection Regulation (GDPR) taking effect earlier this year. The GDPR spurred banks, insurers and other financial institutions to review their existing contracts, most notably their data processing agreements. There is a lot of confusion in this sector about the concepts of ‘controllers’ and ‘processors’ of personal data. Both controllers and processors have distinct obligations under the GDPR.

Full article: GDPR: the ‘controller v processor’ debate in financial services

>