As companies scramble to become compliant with the May 25 deadline for enforcement of the General Data Protection Regulation (GDPR), the distinction between data controllers and data processors — and their responsibilities — is coming into clearer focus.
To become compliant, companies are hiring data privacy officers, auditing processes and in some cases, pulling out of Europe altogether. And, as your personal email box can attest, they’re updating their terms and conditions, their privacy policies and gathering consent.
But as we inch closer to the deadline, companies may be using these designations to dictate roles and responsibilities that are unintended by GDPR. (I’m looking at you, Google).