The European Data Protection Board (“EDPB“) adopted an opinion on 7 October 2024, providing guidance for data controllers relying on processors (and sub-processors) under the GDPR. The two key themes are:
- supply chain mapping;
- verifying compliance with flow-down obligations.
For many financial institutions, the emphasis on these obligations should not come as a
Continue Reading EU: Engaging vendors in the financial sector: EDPB clarifications mean more mapping and management